Nscale is a GPU cloud engineered for AI, providing infrastructure for AI start-ups and enterprise customers. They are seeking a Senior Staff Engineer to build the telemetry, detection, response automation, and reporting foundation for their security operations capabilities.
Responsibilities:
- Design security telemetry architecture across endpoint security, security analytics, identity platforms, SaaS systems, cloud platforms, vulnerability tools, endpoint inventory, and production access systems
- Build a telemetry source map covering ownership, data quality, retention, coverage, priority use cases, and known gaps
- Establish data quality, parser quality, ingestion health, field normalization, and source ownership standards
- Create daily source-health reporting and scoring for SIEM or security analytics data quality
- Own the detection engineering lifecycle from hypothesis and data source selection through logic, testing, tuning, ownership, runbook, expiry, and metrics
- Define high-value detection use cases across identity, endpoint, SaaS, cloud, and production access
- Develop detections with documented test logic, runbooks, data dependencies, and case-quality criteria
- Apply TTP-led threat modeling across corporate, cloud, production, identity, SaaS, endpoint, insider, and AI-agent risk scenarios
- Validate detection coverage through attack simulation or other coverage-testing approaches
- Build SOAR and automation workflows that enrich alerts, suppress low-value noise, route cases, and improve analyst decision-making
- Design scalable data pipelines, enrichment flows, and automations that improve operational quality
- Implement detection-as-code or version-controlled detection content where practical
- Use automation to improve the consistency, explainability, and actionability of security outcomes
- Measure MDR/SOC performance using case-quality metrics such as false positive rate, time to triage, time to containment, evidence completeness, and escalation quality
- Create an MDR/SOC case-quality review loop for internal and external stakeholders
- Produce security dashboards and executive reporting that connect security operations to measurable risk reduction
- Improve alert explainability so analysts and leaders can understand why detections fired and what actions matter most
- Partner with security leadership to strengthen internal ownership of detection logic, containment decisions, runbooks, executive metrics, and automation
- Collaborate with Identity and Vulnerability Management hires to define production-access, privileged-access, and exposure-driven detection requirements
- Connect engineering and operational stakeholders around shared standards for telemetry quality, response workflows, and detection effectiveness
Requirements:
- 8+ years in detection engineering, security data engineering, SIEM engineering, security automation, incident response engineering, or similar roles
- Strong hands-on experience with SIEM, security analytics, log management, or detection platforms
- Strong ability in coding, scripting, querying, or detection-content development
- Experience building detection logic from host, identity, cloud, SaaS, network, DNS, proxy, EDR, vulnerability, or application telemetry
- Experience with detection testing, threat hunting, incident response, alert tuning, and runbook development
- Ability to design scalable data pipelines, enrichment flows, or automations
- Strong understanding of attacker TTPs, MITRE ATT&CK, identity attacks, cloud attacks, endpoint telemetry, and insider-threat indicators
- Experience with SOAR, case management, detection-as-code, GitOps, CI/CD, or automated detection testing
- Experience measuring MDR, SOC, or managed detection provider performance
- Experience using AI or agentic workflows, with appropriate guardrails, to improve triage, enrichment, investigation, or detection validation