{"version":"0.1","company":{"name":"YubHub","url":"https://yubhub.co","jobsUrl":"https://yubhub.co/jobs/skill/detection-validation-tools"},"x-facet":{"type":"skill","slug":"detection-validation-tools","display":"Detection Validation Tools","count":1},"x-feed-size-limit":100,"x-feed-sort":"enriched_at desc","x-feed-notice":"This feed contains at most 100 jobs (the most recently enriched). For the full corpus, use the paginated /stats/by-facet endpoint or /search.","x-generator":"yubhub-xml-generator","x-rights":"Free to redistribute with attribution: \"Data by YubHub (https://yubhub.co)\"","x-schema":"Each entry in `jobs` follows https://schema.org/JobPosting. YubHub-native raw fields carry `x-` prefix.","jobs":[{"@context":"https://schema.org","@type":"JobPosting","identifier":{"@type":"PropertyValue","name":"YubHub","value":"job_c2aaf7ac-804"},"title":"Security Engineer - Threat Detection","description":"<p><strong>Job Description</strong></p>\n<p>You will design, build, and maintain detections that identify malicious activity across Stripe&#39;s infrastructure, applications, and cloud environments.</p>\n<p><strong>Responsibilities</strong></p>\n<ul>\n<li>Design, build, and tune high-fidelity detections across modern SIEM platforms, covering adversary TTPs across the full attack lifecycle</li>\n<li>Develop detection hypotheses by researching TTPs, identifying evidence sources, and determining detection opportunities across available telemetry</li>\n<li>Conduct hypothesis-driven threat hunts to identify malicious activity, uncover detection gaps, and validate security controls</li>\n<li>Perform malware analysis and reverse engineering to extract indicators and inform detection strategies</li>\n<li>Build network-based detections (flow, pcap, protocol analysis) and endpoint-based detections (event logs, EDR telemetry, memory/file artifacts) across Windows, Linux, and macOS</li>\n<li>Partner with Threat Intelligence to operationalize intel reports into detections, 
hunting leads, and enrichment logic</li>\n<li>Collaborate with IR, SOC, and offensive security teams to validate and refine detections based on real-world incidents and red team exercises</li>\n<li>Build data pipelines, automation, and tooling that enable detection-as-code practices and scalable deployment</li>\n<li>Map detection coverage to MITRE ATT&amp;CK, identifying and prioritizing gaps across key attack surfaces</li>\n<li>Lead projects, mentor teammates, and champion quality standards within the team</li>\n</ul>\n<p><strong>Requirements</strong></p>\n<ul>\n<li>5+ years of experience in detection engineering, threat hunting, or security operations</li>\n<li>Demonstrated experience writing detection logic in modern SIEM platforms (e.g., Splunk, Chronicle, Elastic, CrowdStrike NG-SIEM, Panther, Microsoft Sentinel)</li>\n<li>Strong understanding of adversary tradecraft across the attack lifecycle: initial access, privilege escalation, lateral movement, defense evasion, persistence, and exfiltration</li>\n<li>Ability to extract TTPs from threat intelligence reports and translate them into detection opportunities</li>\n<li>Experience developing network-based and endpoint-based detections across multiple OS platforms (Windows, Linux, macOS)</li>\n<li>Experience analyzing telemetry across endpoint, network, cloud (AWS/GCP/Azure), identity, and application log sources</li>\n<li>Proficiency in detection/query languages (SPL, KQL, EQL, YARA-L, SQL) and programming (Python or similar)</li>\n<li>Strong communication skills with the ability to document detection logic and explain findings to technical and non-technical audiences</li>\n<li>Adversarial mindset, understanding how attackers operate to build detections that catch real-world threats</li>\n</ul>\n<p><strong>Preferred Qualifications</strong></p>\n<ul>\n<li>Experience in detection engineering or threat hunting within fintech, financial services, or highly regulated environments</li>\n<li>Background in malware 
analysis, reverse engineering, or threat research</li>\n<li>Experience with purple team operations, collaborating with offensive security to validate detections</li>\n<li>Familiarity with big data platforms (Databricks, Trino, PySpark) for large-scale log analysis</li>\n<li>Proficiency with AI/LLM-assisted development tools (Claude Code, Cursor, GitHub Copilot) applied to detection workflows</li>\n<li>Interest in agentic automation, using LLMs to augment hunting, tuning, or triage</li>\n<li>Experience with detection validation tools (Atomic Red Team, ATT&amp;CK Evaluations)</li>\n<li>Contributions to open-source detection content, research, or conference presentations</li>\n<li>Relevant certifications such as HTB CDSA, GCIH, GCFA, GNFA, OSCP, TCM PMAT, or GREM</li>\n</ul>\n<p style=\"margin-top:24px;font-size:13px;color:#666;\">XML job scraping automation by <a href=\"https://yubhub.co\">YubHub</a></p>","url":"https://yubhub.co/jobs/job_c2aaf7ac-804","directApply":true,"hiringOrganization":{"@type":"Organization","name":"Stripe","sameAs":"https://stripe.com/","logo":"https://logos.yubhub.co/stripe.com.png"},"x-apply-url":"https://job-boards.greenhouse.io/stripe/jobs/7827230","x-work-arrangement":"remote","x-experience-level":"senior","x-job-type":"full-time","x-salary-range":null,"x-skills-required":["detection engineering","threat hunting","security operations","SIEM platforms","adversary tradecraft","network-based detections","endpoint-based detections","telemetry analysis","detection/query languages","programming","communication skills"],"x-skills-preferred":["fintech","financial services","malware analysis","reverse engineering","purple team operations","big data platforms","AI/LLM-assisted development tools","agentic automation","detection validation tools","open-source detection content","relevant 
certifications"],"datePosted":"2026-04-18T15:53:27.161Z","jobLocation":{"@type":"Place","address":{"@type":"PostalAddress","addressLocality":"Ireland"}},"jobLocationType":"TELECOMMUTE","employmentType":"FULL_TIME","occupationalCategory":"Engineering","industry":"Technology","skills":"detection engineering, threat hunting, security operations, SIEM platforms, adversary tradecraft, network-based detections, endpoint-based detections, telemetry analysis, detection/query languages, programming, communication skills, fintech, financial services, malware analysis, reverse engineering, purple team operations, big data platforms, AI/LLM-assisted development tools, agentic automation, detection validation tools, open-source detection content, relevant certifications"}]}