26 May
|
SenseOn
|
Buenos Aires
Apply on Kit Empleo: kitempleo.com.ar/empleo/q40z9
SenseOn is building the next generation of security operations, one where AI doesn't just assist analysts but actively drives detection engineering.
We're looking for a Security Engineer who can do two things simultaneously: write high-quality detection rules that stop real adversaries today, and help us build the platform infrastructure that lets AI write and evolve those rules tomorrow.

The threat landscape is shifting in kind.
Adversaries are increasingly using AI to accelerate attack development, automate reconnaissance, generate convincing phishing at scale, and adapt tradecraft faster than traditional detection cycles can follow.
We need someone who understands this emerging class of AI-driven attacks, and can build detections that are specifically designed to identify their signatures: anomalous automation patterns, LLM-generated content in phishing chains, unusually fast and broad enumeration, and AI-assisted lateral movement.
Detecting AI requires thinking like AI.

This is not a pure analyst role.
It is not a pure developer role.
It's the bridge between them and the person who builds that bridge.

What You'll Actually Be Doing

Detection Engineering (The Foundation)

- Author and maintain detection rules across SenseOn's dual-engine architecture:
  - Real-time streaming detections evaluated in milliseconds, written as YAML compiled to binary rulesets
  - Batch behavioral detections backed by parameterised ClickHouse SQL, running on a seconds-to-minutes cadence
- Write aggregations and materialised views in ClickHouse that power statistical anomaly baselines
- Build and extend our hunting query library. MITRE-mapped ClickHouse queries that analysts use daily for threat hunting
- Map every rule precisely to MITRE ATT&CK techniques and tactics, including subtechnique granularity
- Instrument your own rules: measure false positive rates, define confidence scores, build test datasets, and own the quality of what ships
- Tune detections against real-world telemetry. Understanding why a rule fires is as important as making it fire

AI-Driven Detection Platform (The Mission)

- Extend our existing LLM driven rule writing engine to have much wider coverage
- Design and build pipelines where LLMs can propose detection rules from threat intelligence, CVE disclosures, or analyst hunt findings, with structured output, YAML validation, and human-in-the-loop approval gates
- Build feedback loops: when a detection fires or produces a false positive, that signal should flow back to improve future AI-generated rules
- Define the prompt engineering and evaluation harness for detection generation. Pass@k metrics, FP/TP scoring, MITRE alignment validation
- Work with engineering to make the detection data model AI-legible: schemas, annotations, and context structures that LLMs can reason over reliably
- Think about our hunting interface: how does an analyst describe a threat in natural language and get a validated ClickHouse query back?

The Technical Stack

You don't need to be expert-level across all of this on day one.
But you need to be comfortable working in it and honest about where you'll need to ramp.

Requirements

What We're Looking For

Essential

- 3+ years writing detection content: SIEM rules, EDR detections, YARA, Sigma, or equivalent; you understand the craft of reducing noise without missing signals
- Strong working knowledge of MITRE ATT&CK: Not just citing technique IDs but reasoning about adversary tradecraft and tactic chaining
- SQL proficiency: You write analytical queries comfortably and understand how query performance affects detection latency at scale
- Hands-on experience with LLMs in a production or engineering context: You've written prompts, evaluated outputs, and built something that used an LLM API (not just chatted with one)
- Python fluency: Enough to read, write, and debug the kind of Python that runs detection pipelines, builds API endpoints, and processes security telemetry
- Ability to evaluate AI-generated output critically: You understand where LLMs hallucinate in security contexts and how to build guardrails
- Clear, precise written communication in English: Detection rules, prompt templates, and eval criteria all live in text

Strong Advantage

- Experience with ClickHouse or other columnar / OLAP databases
- Familiarity with Protocol Buffers or binary serialisation formats
- Background in threat hunting: Building hypotheses, writing queries, and operationalising findings as detections
- Experience designing or contributing to AI evaluation frameworks (eval harnesses, golden datasets, pass@k scoring)
- Exposure to network or endpoint telemetry at volume: DNS, NTLM, Kerberos, process execution, network flows
- Prior work at a security vendor, MDR, or SOC where detection quality had direct customer impact

What We Offer

- The opportunity to define how AI-native detection engineering actually works in practice: Not as a future roadmap item, but as your primary job
- A platform with real telemetry, real adversarial signals, and real stakes: Your rules protect organisations
- Direct collaboration with engineering on the product infrastructure your workflow depends on
- A team that treats documentation and knowledge capture as engineering hygiene, not overhead
- SenseOn offers unlimited access to the latest LLM models for experimentation and research. Be at the bleeding edge of AI development as part of your role
- The creation of new attack vectors is soon to become even more of a machine scale problem thanks to LLMs; SenseOn will build the machine scale solution to Detection & Response

A Note on What This Role Is Not

This is not a role for someone who wants to write detections by day and leave AI integration to "the ML team."
There is no ML team: You are the person who bridges these two capabilities.
Equally, it's not a role for a pure AI engineer who has never tuned a real detection against adversarial telemetry.
Both halves matter equally.

Benefits

What we'll offer you:

- Competitive salary
- Unlimited holiday allowance
- Bi-annual career progression review
- Learning and development investment (certs, conferences, etc)
- Work MacBook

Belong at SenseOn:

At SenseOn, we define Talent as employees who are customer obsessed, pursuing excellence.
They are
📌 Security Engineer - Argentina (Buenos Aires)