Principal Threat Detection Engineer
Join to apply for the Principal Threat Detection Engineer role at Latinx in AI (LXAI).
About The Team
The Detection Engineering team operates on a "detections-as-code" philosophy. We build high‑fidelity alerts and maintain a full portfolio of security engineering projects, including automation frameworks, data pipelines, and AI agents to assist with security tasks.
About The Role
As a Principal Threat Detection Engineer, you will be the most senior technical member of the team and the engineering anchor for our Dublin presence. You'll set the technical direction for complex initiatives, mentor engineers, and manage the full lifecycle of security products.
What You'll Do
Lead Platform Architecture & "Detections-as-code" Strategy: design scalable workflow patterns for integrating security tools (CSPM, EDR, DLP, etc.) and architect solutions for complex environments. Own the detection lifecycle, migrate CI/CD infrastructure, build platform monitoring, and create integrated visualizations.
Spearhead Advanced Detection Strategy: lead development of Risk‑Based Alerting (RBA) and apply advanced statistical and machine learning techniques to data.
Drive Alert Fidelity & Partner with SIRT: conduct data‑driven analysis of alert closure and fidelity to identify noise patterns and remediate them, improving alert quality.
Mentor and Develop Talent: guide engineers and interns, perform code reviews, and foster team growth and onboarding.
Be a Prolific Detection Creator & Researcher: lead threat research, evaluate open‑source detections, translate threat intelligence into production‑ready detections, and contribute significantly to the team’s most critical rules.
About You
Basic Qualifications
8+ years in Detection Engineering, Cybersecurity, or a related SRE/DevOps role with a security focus.
5+ years expert‑level experience with Python (or similar) for automation, data manipulation, and systems development.
Expert knowledge of large‑scale SIEM platforms (Splunk, Elasticsearch), including query language, data modeling, and performance optimization.
Experience designing, building, and maintaining CI/CD pipelines and a "detections‑as‑code" or "infrastructure‑as‑code" workflow.
Deep expertise in public cloud security (AWS, GCP) and native logging services.
BS or MS degree in Computer Science, Engineering, or equivalent practical experience.
Other Qualifications
Hands‑on experience developing, testing, and responding to threat actor TTPs, applying knowledge to detection development, threat hunting, and gap analysis.
Significant experience with detection capabilities of modern security tools such as EDR, CSPM, IDP, and network security platforms.
Proven mentoring of junior‑ and mid‑level engineers.
Experience applying statistical analysis, machine learning, or RBA to detection problems.
Strong understanding of containerization and orchestration (Docker, Kubernetes) and their security considerations.
Proactive, solution‑oriented mindset with a history of designing automated solutions and shipping production code.
Our Approach to Flexible Work
We combine in‑person time and remote work. Our policy requires spending at least 50% of quarterly time in the office or in the field with customers and partners. Remote “home office” roles may also gather in offices for important events.
Privacy and Security
At Workday, we value our candidates’ privacy and data security. Workday will never ask candidates to apply to jobs through websites that are not Workday Careers. Please be aware of sites that may ask you to input your data in connection with a job posting that appears to be from Workday but is not. Workday will never ask candidates to pay a recruiting fee, or pay for consulting or coaching services, in order to apply for a job at Workday.
Seniority level: Mid‑Senior level
Employment type: Full‑time
Job function: Engineering and Information Technology