Movable Ink is hiring a Security Detection Engineer to strengthen our security monitoring and detection capabilities. To succeed in this role, you'll combine deep technical curiosity with a methodical approach to threat detection, helping protect our platform and the hundreds of enterprise customers who depend on it. This is a hands-on opportunity to own and evolve our detection engineering practice, working closely with our Security Engineering team in NYC. You'll play a critical role in ensuring we can identify and respond to security threats quickly—whether they target our employees, infrastructure, or cloud environments.
Responsibilities:
- Build, tune, and maintain detection rules and alerts in Splunk to identify security threats, suspicious activity, and policy violations
- Reduce alert fatigue by continuously improving detection logic to minimize false positives while maintaining coverage
- Monitor and develop detections for cloud security events across AWS and GCP using our CSPM tooling (Prisma Cloud)
- Collaborate with the Security team to develop detection strategies based on threat intelligence and the MITRE ATT&CK framework
- Investigate alerts and escalate confirmed incidents according to our incident response procedures
- Set up and configure automation scripts and tooling for alert triage, ticket creation, and incident workflows
- Create dashboards and reports to provide visibility into security posture and detection effectiveness
- Document detection logic, runbooks, and response procedures
- Support EDR (CrowdStrike) monitoring and investigate endpoint-related alerts
- Identify opportunities to use Splunk for operational and product monitoring beyond pure security use cases
Qualifications:
- 2+ years of experience in a security operations, detection engineering, or SIEM-focused role
- Hands-on experience writing and tuning SPL queries in Splunk
- Familiarity with common attack techniques and the MITRE ATT&CK framework
- Experience with cloud platforms (AWS or GCP) and understanding of cloud-specific threats
- Exposure to EDR platforms (CrowdStrike preferred) and CSPM tools
- Understanding of log sources such as Okta, Google Workspace, endpoint logs, and network traffic
- Strong analytical and troubleshooting skills with attention to detail
- Clear written and verbal communication skills; ability to document findings and escalate effectively
- Self-motivated and comfortable working autonomously with a distributed team
Studies have shown that women, communities of color, and historically underrepresented people are less likely to apply to jobs unless they meet every single qualification. We are committed to building a diverse and inclusive culture where all Inkers can thrive. If you’re excited about the role but don’t meet all of the abovementioned qualifications, we encourage you to apply. Our differences bring a breadth of knowledge and perspectives that makes us collectively stronger.
We welcome and employ people regardless of race, color, gender identity or expression, religion, genetic information, parental or pregnancy status, national origin, sexual orientation, age, citizenship, marital status, ethnicity, family or marital status, physical and mental ability, political affiliation, disability, Veteran status, or other protected characteristics. We are proud to be an equal opportunity employer.
