AI SOC Engineer
Confidential
About the Role
We are looking for an AI SOC Engineer who combines deep offensive/defensive security expertise with hands-on AI engineering skills. You will be the core builder of our “Security Brain” — leveraging LLMs and AI agents to automate detection rule generation, suppress alert noise, and drive fully automated security operations. Using AI to fight AI, you will help Bybit’s SOC stay ahead of increasingly sophisticated, AI-powered adversaries.
Key Responsibilities
- Use LLMs and AI tools to automate generation, testing, and continuous optimization of SIEM/EDR/NDR detection rules based on threat intelligence and ATT&CK TTPs
- Build a full detection rule lifecycle management system: auto-generate → validate → deploy → evaluate → iterate
- Design and implement AI/ML-based alert triage, prioritization, and false-positive suppression models to continuously reduce MTTD/MTTR
- Build AI Agent-driven alert automation pipelines: triage → context enrichment → automated verdict → response recommendation
- Architect the “Security Brain”: integrate threat intelligence, attack graphs, asset context, and behavioral baselines into a unified knowledge graph
- Research and deploy AI SOC platform capabilities: automated threat hunting, AI-assisted incident investigation, and natural language security query (SecOps Copilot)
- Design detection scenarios from an attacker’s perspective, ensuring coverage of real APT TTPs (including Lazarus and other crypto-industry threat actors)
- Research AI-assisted attack techniques (AI-generated payloads, automated reconnaissance, LLM-assisted social engineering) and proactively build corresponding detection capabilities
- Track AI SOC frontier research (LLM for Security, AI Agent for SOC, Agentic Security Operations) and drive internal adoption
Major Requirements
- 3+ years of SOC/security operations or penetration testing experience with deep understanding of attack chains and defensive architectures
- Proficient in major SIEM platforms (Splunk, Elastic, etc.) and detection rule languages (SPL, KQL, Sigma)
- Familiar with MITRE ATT&CK framework; able to map TTPs and design corresponding detection scenarios
- Hands-on experience in alert investigation, incident response, or threat hunting
- Strong Python engineering skills; able to independently develop AI-assisted security tools and automation scripts
- Familiar with LLM application development (Prompt Engineering, RAG, Function Calling, AI Agent frameworks such as LangChain/AutoGen)
- Practical experience applying AI/ML models to security use cases (alert classification, anomaly detection, NLP log analysis)
- (Bonus) Experience designing or building AI SOC products or platforms (AI SOAR, SecOps Copilot, automated playbooks)
- (Bonus) Familiarity with knowledge graphs and graph databases (Neo4j, etc.) in security contexts
- (Bonus) Web3 / cryptocurrency security background (on-chain attack detection, exchange security operations)
- (Bonus) Security certifications (OSCP, GCIA, GCIH, GREM) or public research contributions (CVE, conference talks, open-source tools)