Threat Detection Engineer (Remote)

About Tenex:

TENEX.AI is an AI-native, automation-first, built-for-scale Managed Detection and Response (MDR) provider. We are a force multiplier for defenders, helping organizations enhance their cybersecurity posture through advanced threat detection, rapid response, and continuous protection. Our team is comprised of industry experts with deep experience in cybersecurity, automation, and AI-driven solutions. We’re a fast growing startup backed by industry experts and top tier investor Andreessen Horowitz. As an early employee, you’ll play a meaningful role in defining and building our culture. Get in on the ground floor. We’re a small but well-funded team that just raised a substantial round – joining now comes with limited risk and unlimited upside. We are rapidly growing and seeking top talent to join our mission of revolutionizing the cybersecurity landscape.

About the Role:

Tenex is seeking a highly motivated and skilled Threat Detection Engineer to join our growing Security Operations team. In this critical role, you will be responsible for proactively identifying and mitigating security threats by developing and implementing advanced detection rules (YARA-L). You will work with our Security Operations team and leverage your deep understanding of attack methodologies, security vulnerabilities, and log analysis to enhance security posture and protect assets.

Culture is one of the most important things at TENEX.AI—check out our culture deck at culture.tenex.ai to experience how we champion it, valuing the unmatched collaboration and community of in-person work while offering flexibility for the best of the best.

This role is for the extraordinary—the pinnacle 10x of 10x legends in any role— where we make exceptions to our in-person hiring to champion full remote freedom, empowering you to conquer without boundaries while still inviting you to join our in-person energy from time to time.

To be direct up front - If you’re looking at this position, we strongly recommend you consider accepting one of our lucrative relocation packages to our epic hubs in Sarasota, Florida (outside Tampa), or Overland Park in the Kansas City metro—where trailblazers redefine cybersecurity with 10x impact!

In Florida, you can break free from overly inflated cost of living sky-high taxes (like those of you trapped in California or New York) via our incredibly aggressive relocation packages, enjoying zero state income tax, boundless personal freedom, a pro-business surge, endless sunshine, and a pro-family haven in the master-planned Lakewood Ranch with elite amenities and vibes. In KC, leverage those same powerhouse relocation perks for lower taxes, authentic Midwest values of integrity and community, and a supportive, family-oriented ecosystem for enduring wins. See those respective listings with more details on our careers page.

For candidates who embody the rare "10x of 10x" talent, we offer the flexibility of fully remote work. If you are an exceptional, unrivaled force in this role and prefer not to relocate at this time, we encourage you to apply for this remote-first position. Please be aware that the competition for these remote roles is exceptionally fierce, and the standards for selection are significantly higher.

Responsibilities:

• Design, develop, implement, and maintain custom detection rules, correlation searches, and alerts within Google Security Operations (SecOps) to identify malicious activity, security incidents, and policy violations.

• Utilize your expertise in the SecOps detection engine and YARA-L syntax to create efficient and effective detection logic.

• Analyze large datasets of security logs and events from various sources (e.g., cloud platforms, endpoint detection and response (EDR), network devices, applications) to identify patterns and anomalies indicative of threats.

• Stay up-to-date with the latest threat intelligence, attack techniques, and security trends to proactively develop new detection strategies.

• Collaborate closely with Security Analysts to tune detections logic based on incident analysis and threat landscape changes.

• Contribute to the development and maintenance of security documentation, including YARA-L rules, response strategies, playbooks, and operational procedures.

• Participate in the evaluation and integration of new security tools and technologies.

• Automate detection creation, threat intelligence gathering, and rule deployment.

• Provide mentorship, training, and guidance to junior team members.

Qualifications:

• Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or a related field (or equivalent practical experience).

• Minimum of 5 years of experience in a security operations role, with a strong focus on threat detection and analysis.

• Proven experience developing and implementing YARA-L rules within Google Security Operations (SecOps) is essential.

• Experience with threat intelligence and its integration into detection strategies.

• Deep understanding of security principles, common attack vectors, and threat actor tactics, techniques, and procedures (TTPs).

• Strong analytical and problem-solving skills with the ability to analyze complex security logs and identify meaningful patterns.

• Proficiency in scripting languages such as Python or similar for automation and analysis.

• Experience working with various security technologies and data sources, including but not limited to:

  • Cloud security platforms (e.g., GCP, AWS, Azure)

  • Endpoint Detection and Response (EDR) solutions

  • Security Information and Event Management (SIEM) systems

  • Network security devices (firewalls, intrusion detection/prevention systems)

  • Identity and Access Management (IAM) systems

• The ability to effectively communicate technical information to both technical and non-technical audiences.

• Ability to work independently and as part of a team in a fast-paced environment.

Preferred Qualifications:

• Relevant security certifications such as Security+, CySA+, GCIH, GCIA, or similar.

• Familiarity with MITRE ATT&CK framework and its application in developing detection rules.

• Experience with SOAR (Security Orchestration, Automation and Response) platforms.

• Knowledge of data science and machine learning concepts as applied to security analytics.

Why Join Us?

• Opportunity to work with cutting-edge AI-driven cybersecurity technologies and Google SecOps solutions.

• Collaborate with a talented and innovative team focused on continuously improving security operations.

• Competitive salary and benefits package.

• A culture of growth and development, with opportunities to expand your knowledge in AI, cybersecurity, and emerging technologies.

If you're passionate about combining cybersecurity expertise with artificial intelligence and have experience with Google SecOps and Chronicle, we encourage you to apply!