Horizon3.ai is a fast-growing, remote cybersecurity company dedicated to enabling organizations to proactively find and fix exploitable attack vectors. They are hiring a Staff Software Engineer to own the technical vision for EDR telemetry and detection work inside NodeZero, focusing on integrating AI and ML research into detection capabilities.
Responsibilities:
- Owns the end-to-end technical vision for the workstream and rallies the team around it, from blank doc through shipping, iterating, and deprecating
- Contributes production code at Lead/Staff level in a modern backend language (Go, Rust, Python, or similar) in a service-oriented environment
- Sets and raises the technical bar (design reviews, code quality, operational discipline) by example rather than by mandate
- Mentors and grows the engineers around them; builds the frameworks and architecture that let others do the best work of their careers
- Partners with the hiring team to attract, interview, and level engineers into the workstream as it scales
- Holds the team accountable to outcomes rather than activity; surfaces risks and tradeoffs early and in writing
- Translates ambiguous product goals into concrete technical roadmaps
- Makes build vs. buy vs. integrate calls with business context, not just engineering preference
- Partners closely with PM; comfortable in PRD reviews, not just sprint planning
- Sequences an MVP without painting the team into a corner
- Defines the ground truth methodology and oversees its execution (initially with intern support)
- Designs the confidence scoring approach and the FP/FN threshold definitions
- Owns the calibration and recalibration methodology as the system evolves
- Defines what "correct" looks like for tuning recommendations and translates missed detections into vendor-accurate guidance
Requirements:
- Deep familiarity with at least one major EDR platform (CrowdStrike, SentinelOne, Microsoft Defender) at the telemetry and API level
- Understands detection logic, alert triage workflows, and how SOC teams consume EDR output
- Can build and evaluate labeled ground truth datasets; knows what a correct detection actually looks like
- Fluent in FP/FN tradeoffs and confidence scoring in real production environments