Job Title: Senior AI Threat Detection Engineer
Location: Malvern, PA Primary | Plano, TX Secondary Option
Position: W2
Job Description
We are seeking a Senior AI Threat Detection Engineer to support Security Operations Center modernization initiatives. The ideal candidate will have strong experience in SOC operations, detection engineering, cloud security, automation, and hands-on programming. This role will focus on developing AI-driven security capabilities, improving threat detection, automating SOC workflows, and building secure, scalable solutions using modern engineering practices.
The consultant will work closely with security engineering, SOC, platform, and cross-functional teams to design and implement AI-enabled solutions that improve incident response, reduce manual effort, and strengthen overall security operations.
Key Responsibilities
- Lead response efforts for escalated cybersecurity alerts, incidents, and security investigations.
- Analyze complex attack patterns in real time and recommend effective mitigation strategies.
- Develop, maintain, and enhance detection logic, alerts, rules, policies, and signatures across security platforms.
- Support monitoring and detection of cyber threats, vulnerabilities, risks, and threat actor tactics, techniques, and procedures.
- Build and enhance AI agents to streamline SOC operations and improve analyst efficiency.
- Design and optimize prompts, workflows, and use cases for LLM-based security solutions.
- Build APIs, integrations, and automation workflows to support AI-driven threat detection capabilities.
- Develop clean, maintainable, production-ready code following engineering best practices.
- Implement safeguards, controls, and responsible AI practices for secure AI usage within security operations.
- Evaluate emerging AI, GenAI, and automation technologies and recommend improvements for SOC modernization.
- Collaborate with SOC, security engineering, cloud, platform, and application teams to deliver scalable AI-enabled solutions.
- Support deployment and continuous improvement of AI agents across SOC use cases.
- Mentor junior team members and help improve overall technical capability within the team.
- Participate in special security projects and support additional responsibilities as needed.
Required Qualifications
- 4+ years of hands-on programming or scripting experience using Python, Java, Shell, or similar languages.
- 5+ years of experience working with cloud platforms such as AWS or Microsoft Azure.
- 4+ years of experience building or supporting automation solutions such as SOAR, GitHub workflows, CI/CD automation, or similar platforms.
- 4+ years of experience working with security technologies or supporting SOC/security operations.
- 5+ years of exposure to SIEM platforms, detection engineering, or security monitoring concepts.
- Strong understanding of security telemetry, including logs, alerts, endpoint data, network data, and cloud security data.
- Experience supporting incident response, threat detection, alert tuning, and security investigation workflows.
- Exposure to AI, GenAI, LLM-based solutions, or AI agent development.
- Strong API integration, automation, and workflow development experience.
- Ability to work with cross-functional teams and communicate technical findings clearly.
Preferred Skills
- Hands-on experience developing AI or GenAI solutions for cybersecurity use cases.
- Experience with prompt engineering, AI agents, and LLM-based workflow automation.
- Experience with SOAR platforms and security orchestration.
- Knowledge of MITRE ATT&CK, threat actor TTPs, and modern detection engineering practices.
- Experience with cloud security monitoring, security data pipelines, and scalable automation frameworks.
- Strong understanding of responsible AI, security controls, and risk mitigation for AI-based systems.
Ideal Candidate
The ideal candidate is a senior-level security engineer with strong programming, cloud, automation, and SOC experience. They should be comfortable building AI-driven security solutions, working with security telemetry, improving detection workflows, and collaborating with engineering teams to deliver production-ready capabilities.