Security Engineer - Threat Detection

Security Engineer – Threat Detection

At Snowflake, we are powering the era of the agentic enterprise. To usher in this new era, we seek AI-native thinkers across every function who are energized by the opportunity to reinvent how they work. You don't just use tools; you possess an innate curiosity, treating AI as a high-trust collaborator that is core to how you solve problems and accelerate your impact. We look for low-ego individuals who thrive in dynamic and fast-moving environments and move with an experimental mindset — who rapidly test emerging capabilities to discover simpler, more powerful ways to deliver results. At Snowflake, your role isn't just to execute a function, but to help redefine the future of how work gets done.

Snowflake has developed a world class cloud data platform that is effective, affordable and accessible to all data users. As we continue to scale globally, we are investing heavily in AI-powered threat detection and response to protect our customers and our environment at cloud scale.

We are looking for a Security Engineer – Threat Detection who will help enhance Snowflake's Threat Detection Program and extend the reach and impact of Threat Detection across Snowflake, with AI and automation as core primitives in how we detect, triage, and respond to threats. You will combine security expertise with strong engineering skills to build, maintain, and evolve detections and supporting pipelines.

The ideal candidate seeks to gain a strong understanding of the Snowflake Product and Corporate environment, then uses that knowledge to create, optimize, and continuously improve detections that mitigate identified risks. You will partner with stakeholders across Security and Engineering, making informed, data-driven decisions based on threat models, proactive threat hunts, and data science–oriented exploration of logs and telemetry.

You will make recommendations for detective and preventative controls, and you will design and build automations and AI-driven workflows that enhance our security posture and reduce mean time to detect and respond.

WHAT YOU NEED:

• Security Engineering Experience (Threat Detection, Incident Response, Threat Hunting, Product Security, Corporate Security, or other related disciplines)
• Solid experience writing code —whether in software engineering, data engineering, or building automations (Python, Go, etc.), with a desire to apply these skills to AI/ML-powered use cases in detection and response.
• Experience collaborating with various security teams and stakeholders
• Ability to review and analyze logging and observability requirements that support detection and response
• A risk-based approach to security to help prioritize key security initiatives and determine when AI provides meaningful value over traditional rules and heuristics.
• Knowledge of the current security landscape with domain knowledge in several of: cloud security, identity and access, SaaS security, endpoint security, data security, and insider risk.
• An automation-first mindset for scaling security, including comfort with CI/CD, infrastructure as code, and "detections as code."
• Be a humble, team-oriented engineer who prioritizes team success in a zero-ego environment.

WHAT YOU WILL DO:

• Develop and deploy detections using modern engineering practices (testing/validation, CI/CD pipelines, detections as code, detection development lifecycle, etc.), including both rules-based and AI-assisted detections.
• Mature our threat detection program by analyzing gaps and mitigating risks via detective controls, including experimentation with AI/ML approaches where they improve signal-to-noise ratio or analyst efficiency.
• Build and maintain strong partnerships with our stakeholders to provide detection as a service, including self-service patterns, reusable components, and AI-enhanced detections that support their domains.
• Continuously measure and improve detection quality (coverage, precision/recall, false positive rate, latency)

MINIMUM QUALIFICATIONS:

• Experience with development in a high-level programming language (Go, Python, etc.), and comfort applying those skills to data-heavy, automation, or AI-related projects.
• Experience handling data programmatically (SQL, Python, etc.), ideally including large-scale log and telemetry datasets used for detection logic or analytics.
• Experience writing production code including unit tests, version control, and CI/CD integration.
• Experience with at least one major cloud provider (AWS, Azure, GCP) and understanding of its native logging, monitoring, and security services.
• Familiarity with the risks that impact SaaS products and workstations (e.g., account compromise, data exfiltration, phishing, supply chain attacks)

PREFERRED QUALIFICATIONS:

• Computer Science degree or equivalent practical experience
• Experience developing and working with systems that utilize infrastructure as code (e.g., Terraform, CloudFormation), and/or "detections as code" frameworks
• Experience building and maintaining production-level software or platforms that process high-volume data streams (e.g., logging, metrics, traces) or power security analytics
• Experience deploying detections at a global scale
• Experience with Snowflake or equivalent cloud data platforms, including building data pipelines or analytics that could support security workloads

WHY YOU SHOULD WORK WITH US:

• We are laser focused on doing security in the agentic era, and we do not tolerate the status quo
• We have strong demand from our customers and strong support from the business for security, giving us both mandate and runway to invest in next-generation, AI-driven detection and response capabilities
• We are a great team with a diverse set of backgrounds and skills and we are excited to add engineers who want to push the frontier of AI in security
• You want to be part of a team solving Security Threat Detection at a global scale, leveraging Snowflake's own data platform and AI capabilities to build detections and workflows that meaningfully raise the bar for defenders
• Did we mention we are one of the fastest-growing software companies ever? The opportunity for impact—on both Snowflake and the broader security ecosystem—is enormous

Every Snowflake employee is expected to follow the company's confidentiality and security standards for handling sensitive data. Snowflake employees must abide by the company's data security plan as an essential part of their duties. It is every employee's duty to keep customer information secure and confidential.

Snowflake is growing fast, and we're scaling our team to help enable and accelerate our growth. We are looking for people who share our values, challenge ordinary thinking, and push the pace of innovation while building a future for themselves and Snowflake.

How do you want to make your impact?

For jobs located in the United States, please visit the job posting on the Snowflake Careers Site for salary and benefits information: careers.snowflake.com