Staff Security Engineer - Security Data, Detection and Automation

Description

Summary: Nscale is seeking a Senior Staff Engineer to build and enhance security telemetry, detection, and automation capabilities for their GPU cloud engineered for AI. Highlights: 1. Opportunity to build the technology that powers the future of AI infrastructure 2. Strategic and measurable impact on security outcomes, not just alerts 3. Collaborative, supportive, and innovative environment with real impact **About Nscale** ---------------- Nscale is the GPU cloud engineered for AI. We provide cost\-effective, high\-performance infrastructure for AI start\-ups and large enterprise customers. Nscale enables AI\-focused companies to achieve superior results by reducing the complexity of AI development. Our GPU cloud bolsters technical capabilities and directly supports strategic business outcomes, including cost management, rapid innovation, and environmental responsibility. We thrive on a culture of relentless innovation, ownership, and accountability, where every team member takes pride in their work and drives it with excellence and urgency. As an Nscaler, you’ll build trust through openness and transparency, where everyone is inspired to do their best work. If you join our team, you’ll be contributing to building the technology that powers the future. **About the Role** ------------------ We are hiring a **Senior Staff Engineer \- Security Data, Detection and Automation** to build the telemetry, detection, response automation, case\-quality metrics, and reporting foundation for an increasingly Nscale\-owned SOC capability. This role sits at the intersection of **security engineering, data engineering, detection engineering, and security operations**. You will work across endpoint, identity, SaaS, cloud, network, vulnerability, and production access domains, partnering closely with security leadership as well as adjacent teams shaping identity and vulnerability management requirements. Your impact will be strategic and measurable. The focus is **not to create more alerts**, but to turn raw telemetry into **reliable, explainable, high\-signal security outcomes** that strengthen internal ownership of detection logic, containment decisions, runbooks, executive metrics, case quality, and automation. **What you'll be doing** ------------------------ **Security Telemetry and Data Foundations** * **Design** security telemetry architecture across endpoint security, security analytics, identity platforms, SaaS systems, cloud platforms, vulnerability tools, endpoint inventory, and production access systems. * **Build** a telemetry source map covering ownership, data quality, retention, coverage, priority use cases, and known gaps. * **Establish** data quality, parser quality, ingestion health, field normalization, and source ownership standards. * **Create** daily source\-health reporting and scoring for SIEM or security analytics data quality. **Detection Engineering and Threat Coverage** * **Own** the detection engineering lifecycle from hypothesis and data source selection through logic, testing, tuning, ownership, runbook, expiry, and metrics. * **Define** high\-value detection use cases across identity, endpoint, SaaS, cloud, and production access. * **Develop** detections with documented test logic, runbooks, data dependencies, and case\-quality criteria. * **Apply** TTP\-led threat modeling across corporate, cloud, production, identity, SaaS, endpoint, insider, and AI\-agent risk scenarios. * **Validate** detection coverage through attack simulation or other coverage\-testing approaches. **Automation and Operational Improvement** * **Build** SOAR and automation workflows that enrich alerts, suppress low\-value noise, route cases, and improve analyst decision\-making. * **Design** scalable data pipelines, enrichment flows, and automations that improve operational quality. * **Implement** detection\-as\-code or version\-controlled detection content where practical. * **Use** automation to improve the consistency, explainability, and actionability of security outcomes. **SOC Performance and Reporting** * **Measure** MDR/SOC performance using case\-quality metrics such as false positive rate, time to triage, time to containment, evidence completeness, and escalation quality. * **Create** a MDR/SOC case\-quality review loop for internal and external stakeholders. * **Produce** security dashboards and executive reporting that connect security operations to measurable risk reduction. * **Improve** alert explainability so analysts and leaders can understand why detections fired and what actions matter most. **Cross\-Functional Partnership** * **Partner** with security leadership to strengthen internal ownership of detection logic, containment decisions, runbooks, executive metrics, and automation. * **Collaborate** with Identity and Vulnerability Management hires to define production\-access, privileged\-access, and exposure\-driven detection requirements. * **Connect** engineering and operational stakeholders around shared standards for telemetry quality, response workflows, and detection effectiveness. **KPIs** -------- * **False positive rate** * **Time to triage** * **Time to containment** * **Evidence completeness and escalation quality** **About You** ------------- * **8\+ years** in detection engineering, security data engineering, SIEM engineering, security automation, incident response engineering, or similar roles. * Strong hands\-on experience with **SIEM, security analytics, log management, or detection platforms**. * Strong ability in **coding, scripting, querying, or detection\-content development**. * Experience building detection logic from **host, identity, cloud, SaaS, network, DNS, proxy, EDR, vulnerability, or application telemetry**. * Experience with **detection testing, threat hunting, incident response, alert tuning, and runbook development**. * Ability to design **scalable data pipelines, enrichment flows, or automations**. * Strong understanding of **attacker TTPs, MITRE ATT\&CK, identity attacks, cloud attacks, endpoint telemetry, and insider\-threat indicators**. * Experience with **SOAR, case management, detection\-as\-code, GitOps, CI/CD, or automated detection testing** is preferred. * Experience measuring **MDR, SOC, or managed detection provider performance** is preferred. * Experience using **AI or agentic workflows** to improve triage, enrichment, investigation, or detection validation with guardrails is preferred. **What we can offer you** ------------------------- At Nscale, you'll find a collaborative, supportive, and innovative environment where your contributions spark real impact. We're building something extraordinary, and we want you at the core. Highly competitive US compensation package (base \+ bonus \+ equity), with performance reviews every 12 months. Join one of the fastest\-growing AI infrastructure companies — your chance to directly shape how global AI capacity is planned and deployed. ✨ Expect a dynamic progression plan tailored to your ambitions. Grow by leading critical cross\-functional initiatives and shaping capital strategy — always with our full support. Human\-First Flexibility: We treat you as humans first. Our flexible workplace trusts Nscalers to deliver, giving you the autonomy to shape your day around life's moments. **Equal Opportunities Statement** --------------------------------- We strongly encourage applications from people of colour, the LGBTQ\+ community, people with disabilities, neurodivergent people, parents, carers, and people from lower socio\-economic backgrounds. If there’s anything we can do to accommodate your specific situation, please let us know. The responsibilities outlined in this job description are not exhaustive and are intended to provide a general overview of the position. The employee may be required to perform additional duties, tasks, and responsibilities as assigned by management, consistent with the skills and qualifications required for the role. **Salary Range** ---------------- The range below reflects the base salary for the position. Actual compensation may vary based on job\-related factors such as skill set, experience, education, and location. In addition to base salary, this role may be eligible for bonus, equity, and/or commission programs. Nscale may offer a competitive benefits package including medical, dental, vision, flexible paid time off, parental leave, and retirement plan participation. The range below reflects the base salary for the position. Actual compensation may vary based on job\-related factors such as skill set, experience, education, and location. In addition to base salary, this role may be eligible for bonus, equity, and/or commission programs. Nscale may offer a competitive benefits package including medical, dental, vision, flexible paid time off, parental leave, and retirement plan participation. Salary Range $180,000 \- $230,000 USD