Threat Detection Engineer – AI-Native MDR and Google Security Operations

Remote
United States
Posted 2 weeks ago

This is a full-time, remote (USA) Threat Detection Engineer role in the Security Operations Department at TENEX.AI, an AI-native Managed Detection and Response (MDR) provider. This is a critical role responsible for proactively identifying and mitigating security threats by developing, implementing, and maintaining advanced detection rules (YARA-L) within Google Security Operations (SecOps).

  • Location: Remote, USA (Extreme preference/relocation packages offered for Sarasota, FL, or Overland Park, KS; Remote status reserved for “10x of 10x” talent).
  • Experience: Minimum of 5 years of experience in a security operations role with a strong focus on threat detection and analysis.
  • Education: Bachelor’s degree in a related field (or equivalent practical experience).
  • Key Focus: YARA-L rule development, Google SecOps, log analysis across cloud/EDR/network sources, TTP analysis, and detection automation.

Responsibilities: Rule Development, Analysis, and Automation

The engineer is the primary expert in threat detection logic, ensuring the security platform is highly tuned and effective against emerging threats.

  • Detection Engineering: Design, develop, implement, and maintain custom detection rules, correlation searches, and alerts within Google Security Operations (SecOps) to identify malicious activity, security incidents, and policy violations.
  • YARA-L Expertise: Utilize expertise in the SecOps detection engine and YARA-L syntax to create efficient and effective detection logic.
  • Log Analysis: Analyze large datasets of security logs and events from various sources (cloud platforms, EDR, network devices, applications) to identify patterns and anomalies indicative of threats.
  • Proactive Strategy: Stay up-to-date with the latest threat intelligence, attack techniques, and TTPs to proactively develop new detection strategies.
  • Automation: Automate detection creation, threat intelligence gathering, and rule deployment.
  • Collaboration & Documentation: Collaborate closely with Security Analysts to tune detection logic. Contribute to the development and maintenance of security documentation, playbooks, and response strategies.
  • Mentorship: Provide mentorship, training, and guidance to junior team members.

Required Qualifications and Technical Environment

The position requires deep, proven experience with specific security tools, scripting, and modern threat concepts.

  • Core Experience (5+ years): Minimum of 5 years in security operations, with a strong focus on threat detection and analysis.
  • Platform Expertise (Essential): Proven experience developing and implementing YARA-L rules within Google Security Operations (SecOps) is essential.
  • Threat Knowledge: Deep understanding of security principles, common attack vectors, and threat actor tactics, techniques, and procedures (TTPs). Experience with threat intelligence and its integration into detection strategies.
  • Scripting: Proficiency in scripting languages such as Python or similar for automation and analysis.
  • Diverse Tool Experience (including but not limited to): Cloud security platforms (GCP, AWS, Azure), Endpoint Detection and Response (EDR) solutions, SIEM systems, Network security devices, and IAM systems.
  • Preferred Qualifications:
    • Relevant security certifications (Security+, CySA+, GCIH, GCIA, or similar).
    • Familiarity with the MITRE ATT&CK framework.
    • Experience with SOAR (Security Orchestration, Automation and Response) platforms.
    • Knowledge of data science and machine learning concepts as applied to security analytics.

Job Features

Job Category: AI (Artificial Intelligence), Information Technology, Security
