Snowflake is a leading cloud data platform company that focuses on AI-powered threat detection and response. They are seeking a Security Engineer – Threat Detection to enhance their Threat Detection Program, leveraging AI and automation to improve security measures and respond to threats effectively.
Responsibilities:
- Develop and deploy detections using modern engineering practices (testing/validation, CI/CD pipelines, detections as code, detection development lifecycle, etc.), including both rules-based and AI-assisted detections
- Mature our threat detection program by analyzing gaps and mitigating risks via detective controls, including experimentation with AI/ML approaches where they improve signal-to-noise ratio or analyst efficiency
- Build and maintain strong partnerships with our stakeholders to provide detection as a service, including self-service patterns, reusable components, and AI-enhanced detections that support their domains
- Continuously measure and improve detection quality (coverage, precision/recall, false positive rate, latency)
Requirements:
- Security Engineering Experience (Threat Detection, Incident Response, Threat Hunting, Product Security, Corporate Security, or other related disciplines)
- Solid experience writing code, whether in software engineering, data engineering, or building automations (Python, Go, etc.), with a desire to apply these skills to AI/ML-powered use cases in detection and response
- Experience collaborating with various security teams and stakeholders
- Ability to review and analyze logging and observability requirements that support detection and response
- A risk-based approach to security to help prioritize key security initiatives and determine when AI provides meaningful value over traditional rules and heuristics
- Knowledge of the current security landscape with domain knowledge in several of: cloud security, identity and access, SaaS security, endpoint security, data security, and insider risk
- An automation-first mindset for scaling security, including comfort with CI/CD, infrastructure as code, and 'detections as code'
- A humble, team-oriented engineer who prioritizes team success in a zero-ego environment
- Experience with development in a high-level programming language (Go, Python, etc.), and comfort applying those skills to data-heavy, automation, or AI-related projects
- Experience handling data programmatically (SQL, Python, etc.), ideally including large-scale log and telemetry datasets used for detection logic or analytics
- Experience writing production code including unit tests, version control, and CI/CD integration
- Experience with at least one major cloud provider (AWS, Azure, GCP) and understanding of its native logging, monitoring, and security services
- Familiarity with the risks that impact SaaS products and workstations (e.g., account compromise, data exfiltration, phishing, supply chain attacks)
- Computer Science degree or equivalent practical experience
- Experience developing and working with systems that utilize infrastructure as code (e.g., Terraform, CloudFormation), and/or 'detections as code' frameworks
- Experience building and maintaining production-level software or platforms that process high-volume data streams (e.g., logging, metrics, traces) or power security analytics
- Experience deploying detections at a global scale
- Experience with Snowflake or equivalent cloud data platforms, including building data pipelines or analytics that could support security workloads