Security Engineer, Detection Engineering

Saronic Technologies is a leader in revolutionizing autonomy at sea, dedicated to developing state-of-the-art solutions that enhance maritime operations through autonomous and intelligent platforms.

Security at Saronic is a force multiplier. We're seeking a Security Engineer at the senior-level or above on our Security Operations team with strong detection engineering experience. You'll design and develop high-fidelity detection content, build and operate the data pipelines that power our security operations, develop automation playbooks that accelerate response, and work across a uniquely diverse telemetry landscape spanning cloud infrastructure, embedded vessel platforms, corporate systems, and operational technology.

This role is heavily weighted toward detection engineering. You should think in terms of adversary behavior and telemetry coverage, not just alert triage. You'll own detections end-to-end: from identifying gaps in coverage, through designing and testing detection logic, to tuning and validating in production.

Key Responsibilities:

• Design, build, test, and tune high-fidelity detection rules and analytic queries across endpoint, cloud, network, identity, and DLP telemetry sources
• Develop and maintain detection content using detection-as-code practices including version-controlled logic, automated testing, and CI/CD deployment
• Map detection coverage to MITRE ATT&CK, identify gaps, and prioritize new detection development based on threat intelligence and business risk
• Engineer correlation rules, behavioral analytics, and anomaly-based detections that minimize false positives while surfacing real adversary tradecraft
• Own the detection lifecycle from initial development through production tuning, performance monitoring, and retirement
• Build and operate pipelines to ingest, normalize, enrich, and manage security telemetry at scale across diverse data sources, using Terraform and infrastructure-as-code practices to deploy and maintain logging and detection infrastructure
• Design and maintain log collection, parsing, and enrichment configurations that ensure the right telemetry is available at the right fidelity for detection and investigation
• Evaluate and onboard new telemetry sources as Saronic's infrastructure and threat landscape evolve
• Monitor pipeline health, data quality, and ingestion reliability to ensure detections operate on complete and accurate data
• Develop and manage automated response playbooks in SOAR platforms to accelerate containment and reduce analyst toil
• Build automation that enriches alerts with contextual data, reducing investigation time and improving analyst decision-making
• Support incident response efforts and translate lessons learned into improved detections and playbooks
• Partner with SOC analysts, Cloud Security, Product Security, and IT teams to close visibility and detection gaps across environments
• Collaborate with threat intelligence to ensure detection engineering is informed by current adversary TTPs relevant to defense, maritime, and autonomous systems

Required Qualifications:

• 3+ years of hands-on experience in detection engineering, security operations, security automation, or a closely related security engineering role
• Demonstrated experience designing, testing, and tuning detection rules and analytic queries across production security telemetry (endpoint, cloud, network, identity, or DLP)
• Hands-on experience with SIEM platforms and proficiency with query languages such as SPL, KQL, or equivalent
• Experience building and operating security data pipelines, including log ingestion, normalization, enrichment, and data quality management
• Understanding of data engineering concepts including ETL pipelines, data modeling, schema design, and indexing as applied to security telemetry
• Hands-on coding experience in Python, PowerShell, Go, or Rust for security automation, detection tooling, or pipeline development, and familiarity with Terraform for managing detection and logging infrastructure as code
• Understanding of MITRE ATT&CK framework and its application to detection coverage and gap analysis
• Ability to obtain and maintain a security clearance

Preferred Qualifications:

• Experience in defense, aerospace, robotics, autonomy, or other high-assurance environments
• Experience with EDR platforms including custom detection rule creation and telemetry analysis
• Experience with cloud-native detection in AWS and Microsoft 365/Azure
• Experience using Terraform to deploy and manage security monitoring infrastructure, log pipeline components, or cloud-native security service configurations
• Hands-on experience with incident response, threat hunting, or adversary emulation
• Exposure to embedded Linux, operational technology, or ICS telemetry and detection
• Familiarity with NIST SP 800-171, NIST SP 800-53, or CMMC and their logging and monitoring requirements
• Relevant certifications such as GCIH, GCIA, GCDA, GSOM, OSDA, or OSCP

Benefits:

• Medical Insurance: Comprehensive health insurance plans covering a range of services
• Saronic pays 100% of the premium for employees and 80% for dependents
• Dental and Vision Insurance: Coverage for routine dental check-ups, orthodontics, and vision care
• Saronic pays 100% of the premium under the basic plan for employees and 80% for dependents
• Time Off: Generous PTO and Holidays
• Parental Leave: Paid maternity and paternity leave to support new parents
• Competitive Salary: Industry-standard salaries with opportunities for performance-based bonuses
• Retirement Plan: 401(k) plan
• Stock Options: Equity options to give employees a stake in the company's success
• Life and Disability Insurance: Basic life insurance and short- and long-term disability coverage
• Pet Insurance: Discounted pet insurance options including 24/7 Telehealth helpline
• Additional Perks: Free lunch benefit and unlimited free drinks and snacks in the office

This role requires access to export-controlled information or items that require "U.S. Person" status. As defined by U.S. law, individuals who are any one of the following are considered to be a "U.S. Person": (1) U.S. citizens, (2) legal permanent residents (a.k.a. green card holders), and (3) certain protected classes of asylees and refugees, as defined in 8 U.S.C. 1324b(a)(3).

Saronic does not discriminate on the basis of race, sex, color, religion, age, national origin, marital status, disability, veteran status, genetic information, sexual orientation, gender identity or any other reason prohibited by law in provision of employment opportunities and benefits.