Senior Threat Detection Engineer - Intelligence

We’re looking for a Senior Threat Detection & Intelligence Engineer to help us understand how adversaries operate, detect meaningful threats early, and lead investigations when it matters most. This role sits at the intersection of threat intelligence, detection engineering, and incident investigation with an engineering-first mindset.

If you enjoy turning messy signals into clear attacker narratives, this role is for you.

The Cloud Security & Detection & Response (CSDR) team protects Miro by staying ahead of credible threats. We focus on:

• Translating external threat intelligence into actionable detections

• Building custom, high-fidelity detections for cloud and SaaS environments

• Leading complex investigations and incident response

• Partnering with engineering to drive security by design

We care about context, signal quality, and attacker intent not alert volume.

• Track emerging threats, attacker techniques, and campaigns relevant to cloud and SaaS

• Turn threat intelligence into practical detection strategies and attack hypotheses

• Design and maintain context-aware detections across cloud, identity, and application layers

• Lead deep investigations, from first signal to root cause and remediation

• Act as a technical lead during security incidents, guiding response and decision-making

• Analyze detection and investigation trends to improve preventative controls

• Partner with engineering teams to raise security maturity across the organization

This role is a great fit if you:

• Think in attacker TTPs, not just alerts or dashboards

• Enjoy investigating ambiguous signals and turning them into clear conclusions

• Have experience in threat intelligence, threat hunting, or security investigations

• Care about why something is happening, not just what fired

• Want to build detection programs that evolve with the threat landscape

• Are comfortable explaining technical risk in business terms

This role is not a fit if you’re mainly focused on compliance, policy writing, or managing vendors.

• 5–7 years in security, with 2+ years in threat detection, threat intelligence, or investigations

• Experience in cloud-native SaaS environments (AWS strongly preferred)

• Strong investigation skills and ability to analyze attacker behavior

• Experience using threat intelligence to inform detection and response

• Proficiency in Python and comfort automating security workflows

• Experience querying large datasets (SQL or similar)

• Familiarity with cloud security telemetry, logging, and detection platforms

• Solid understanding of incident response and digital forensics

• Experience with Infrastructure as Code (Terraform or similar)

• You’ll help define how threat intelligence is used, not just consume it

• You’ll work on real attacker behavior, not checkbox security

• You’ll have room to build, experiment, and improve detection capabilities

• You’ll partner closely with engineers who value security as an engineering problem

We want you to feel supported, connected, and ready to grow. Our global benefits package generally includes equity, a wellbeing benefit, a WFH equipment allowance, and an annual Learning & Development stipend. Join a diverse team where you can do your best work. Full benefits may differ per location. If you would like to learn more about location-specific benefits, please refer to our Global Miro benefits board.

Recruiter: #LI-MH1