TENEX is an AI-native, automation-first, built-for-scale Managed Detection and Response (MDR) provider. We are a force multiplier for defenders, helping organizations enhance their cybersecurity posture through advanced threat detection, rapid response, and continuous protection. Our team is composed of industry experts with deep experience in cybersecurity, automation and AI-driven solutions. Backed by leading investors, we are rapidly growing and seeking top talent to join our mission of revolutionizing the AI-Native MDR landscape.
We’re a fast growing startup backed by industry experts and top tier investors led by Crosspoint Capital Partners and also backed by Shield Capital, DTCP (formerly Deutsche Telekom Capital Partners), Deepwork Capital, and the Florida Opportunity Fund. Seed round led by Andreessen Horowitz (a16z). As an early employee, you’ll play a meaningful role in defining and building our culture. Get in on the ground floor. We’re a small but well-funded team that just raised a substantial round – joining now comes with limited risk and unlimited upside.
Culture is one of the most important things at TENEX.AI—explore our culture deck at culture.tenex.ai to witness how we embody it, prioritizing the irreplaceable collaboration and community of in-person work.
About the RoleAs a Forward Deployed Data Engineer — SIEM/SOAR, you build the content that powers TENEX's MDR delivery. From detection rules and log parsers to SOAR playbooks, dashboards, and custom API integrations, your work is what makes the platform intelligent. You are also a technical trainer — helping customers understand the content they're running and the platform they're operating.
Job ResponsibilitiesAuthor, tune, and maintain detection rules, correlation logic, and threat content across Google SecOps and Microsoft Sentinel
Build and validate log parsers for new data sources integrated into customer environments
Develop and maintain SOAR playbooks, automation workflows, and dashboards for common alert types and operational use cases
Build cloud run functions, scripts, and API integrations where native connectors or content do not exist
Collaborate with Deployment Engineers to ensure content is ready for new customer go-lives
Monitor detection coverage gaps and proactively develop content to address them
Incorporate threat intelligence and adversary TTPs (MITRE ATT&CK) into detection logic
Serve as an advanced enablement resource for customers — training them on detection content, dashboards, and platform capabilities at a deeper technical level
Document all content with clear metadata, use cases, and tuning notes
Support AI-assisted content generation workflows with human review as the quality gate
3+ years in detection engineering, content engineering, or security operations
Strong proficiency in SIEM detection rule development — YARA-L for Google SecOps, KQL for Sentinel, or similar
Experience building and maintaining SOAR playbooks and automation workflows
Proficiency with log parser development for diverse data source types
Knowledge of MITRE ATT&CK framework and its application to detection content
Experience with Python, cloud run functions, and REST API integrations
Experience building security dashboards for operational use cases
Understanding of threat intelligence and how TTPs translate into actionable detection logic
Strong problem-solving and troubleshooting skills with a bias toward action
Excellent customer-facing communication and collaboration abilities
Ability to thrive in a fast-paced, high-performance startup environment
Passion for cybersecurity, automation, and continuous improvement
Bachelor's degree in Computer Science, Cybersecurity, Engineering, or a related field (or equivalent practical experience)
Relevant certifications such as CISSP, CISM, GIAC certifications, Google Cloud Professional, Microsoft SC-200/AZ-500, or AWS Certified Solutions Architect are a plus
Opportunity to work with cutting-edge AI-driven cybersecurity technologies and next-generation security platforms
Collaborate with a talented and innovative team focused on continuously improving security operations
Competitive salary and benefits package
A culture of growth and development, with opportunities to expand your expertise in AI, cybersecurity, and engineering
Be part of building something new — TENEX's Forward Deployed Engineering organization is a greenfield opportunity to define how enterprise security is delivered at scale
Skills Required
- 3+ years in detection engineering, content engineering, or security operations
- Strong proficiency in SIEM detection rule development
- Experience building and maintaining SOAR playbooks and automation workflows
- Proficiency with log parser development for diverse data source types
- Knowledge of MITRE ATT&CK framework
- Experience with Python, cloud run functions, and REST API integrations
- Experience building security dashboards for operational use cases
- Understanding of threat intelligence and TTPs
- Bachelor's degree in Computer Science, Cybersecurity, Engineering, or related field
- Relevant certifications such as CISSP, CISM, Google Cloud Professional
What We Do
TENEX is a cybersecurity company leveraging advanced artificial intelligence and human expertise to transform enterprise security. Backed by Andreessen Horowitz (a16z) and Shield Capital, TENEX’s flagship offering is a next-generation Managed Detection and Response (MDR) service, transforming how organizations detect and respond to threats. With deep expertise in Google and Microsoft security ecosystems and state-of-the-art AI capabilities, TENEX empowers enterprises to enhance threat detection, agility, and resilience while maximizing the value of their security investments.
