Security Detection Engineer

Movable Ink is hiring a Security Detection Engineer to strengthen our security monitoring and detection capabilities. To succeed in this role, you'll combine deep technical curiosity with a methodical approach to threat detection, helping protect our platform and the hundreds of enterprise customers who depend on it. This is a hands-on opportunity to own and evolve our detection engineering practice, working closely with our Security Engineering team. You'll play a critical role in ensuring we can identify and respond to security threats quickly—whether they target our employees, infrastructure, or cloud environments.

Responsibilities:

• Build, tune, and maintain detection rules and alerts in Splunk to identify security threats, suspicious activity, and policy violations
• Reduce alert fatigue by continuously improving detection logic to minimize false positives while maintaining coverage
• Monitor and develop detections for cloud security events across AWS and GCP using our CSPM tooling (Prisma Cloud)
• Collaborate with the Security team to develop detection strategies based on threat intelligence and the MITRE ATT&CK framework
• Investigate alerts and escalate confirmed incidents according to our incident response procedures
• Set up and configure automation scripts and tooling for alert triage, ticket creation, and incident workflows
• Create dashboards and reports to provide visibility into security posture and detection effectiveness
• Document detection logic, runbooks, and response procedures
• Support EDR (CrowdStrike) monitoring and investigate endpoint-related alerts
• Identify opportunities to use Splunk for operational and product monitoring beyond pure security use cases

Qualifications:

• 2+ years of experience in a security operations, detection engineering, or SIEM-focused role
• Hands-on experience writing and tuning SPL queries in Splunk
• Familiarity with common attack techniques and the MITRE ATT&CK framework
• Experience with cloud platforms (AWS or GCP) and understanding of cloud-specific threats
• Exposure to EDR platforms (CrowdStrike preferred) and CSPM tools
• Understanding of log sources such as Okta, Google Workspace, endpoint logs, and network traffic
• Strong analytical and troubleshooting skills with attention to detail
• Clear written and verbal communication skills; ability to document findings and escalate effectively
• Self-motivated and comfortable working autonomously with a distributed team

The base pay range for this position is $110,000-$130,000/year, which can include additional bonus depending on the position ultimately offered, in addition to a full range of medical, financial, and/or other benefits. The base pay offered may vary depending on job-related knowledge, skills, and experience.