Incident Detection Engineer

At Blumira, our mission is to make detection and response fast, simple, and accessible - especially for small and medium-sized businesses that have too often been overlooked, priced out, or underserved by existing security solutions. By protecting them, we’re also protecting their customers and helping make the internet a safer place for everyone.

We’ve built a powerful platform, assembled a strong team, and we’re focused on delivering practical, effective security that meets the real-world needs of our customers. To keep moving forward, we’re looking for curious, driven individuals—like you!

Join a collaborative, inclusive team that values your unique perspective and supports your growth as you help strengthen our detection capabilities. You’ll learn and grow alongside experienced SaaS security leaders while making a meaningful impact as we continue to evolve and scale Blumira’s Incident Detection Engineering team.

Are you passionate about applying your hands-on cybersecurity experience to uncover meaningful insights and identify potential risks in operational data? Do you enjoy building environments for testing, research, and exploration—where experimentation is encouraged and learning is part of the process? If you’re eager to approach security challenges with curiosity and creativity, you’ll feel right at home on Blumira’s Incident Detection Engineering team.

This role gives you the opportunity to go deep on security challenges while applying a broad range of technical skills to solve diverse problems. Blumira ingests data from a wide variety of sources—from traditional firewalls to modern cloud APIs—and your ability to provide context and clarity across this range will help us deliver real value to our customers.

Success in this role requires a high level of attention to detail—whether you're analyzing log data, simulating threats, or fine-tuning detection logic, precision is key to building reliable and effective detections. You’ll be responsible for building and maintaining research and testing environments, monitoring and improving the performance of existing detections, and creating new ones based on evolving attacker behaviors. Staying on top of the latest adversary tactics, techniques, and procedures (TTPs) is a core part of the role and critical to fueling our detection pipeline.

• Design and implement new detections and remediation logic based on evolving attacker tactics, techniques, and procedures (TTPs).
• Monitor, evaluate, and optimize the performance and accuracy of existing detections.
• Collaborate with teammates to design, build, automate, and manage detection engineering tools and testing environments.
• Provide configuration recommendations to improve the visibility and quality of ingested logs.
• Develop and maintain standards for log ingestion and device/service configurations to ensure consistent and reliable data intake, in partnership with engineering teams.
• Support Security Operations, Technical Account Management, and Sales Engineering teams by responding to inquiries related to configuration and setup.
• Champion best practices that benefit both system administrators and non-security use cases, strengthening our role as practitioners for the broader IT community.

• Strong problem-solving skills with a technical foundation in operating systems (Linux, Windows, macOS), networking, cloud environments (AWS, GCP, Azure), or data analysis.
• Clear and effective communicator, capable of collaborating across teams and translating technical concepts for diverse audiences.
• Familiarity with query languages such as SQL, KQL, SPL, or similar tools used for data exploration and analysis.
• Proficient in working with structured data formats like JSON and YAML, including reading, interpreting, and modifying configuration or detection rule files.
• Hands-on experience with Python, Bash scripting, or a similar scripting language. Familiarity with APIs, and a solid understanding of the MITRE ATT&CK framework.
• Prior experience in incident response, threat hunting, digital forensics, or detection engineering is a strong plus.

• Start-up experience
• SIEM/EDR/Detection & Response platform experience

• Competitive compensation and stock equity plan
• Unlimited PTO
• A flexible work environment that supports working from home
• Comprehensive benefits package that includes medical, dental, vision, and life insurance, as well as 401(k)

Salary: $110,000 - $130,000

Applicants must be authorized to work for ANY employer in the U.S. We are unable to sponsor or take over sponsorship of an employment Visa at this time.

Please note that this job description is not designed to cover or contain a comprehensive listing of activities, duties, or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities may change at any time, with or without notice.

This position requires prolonged periods of sitting at a desk and working on a computer.

This position may require occasional travel. The frequency and duration of travel will vary depending on business needs.

Blumira is an inclusive employer. We are committed to providing an environment of mutual respect where equal employment opportunities are available to all applicants and teammates without regard to race, color, creed, sex, sexual orientation, gender identity or expression, age, religion, national origin, citizenship status, disability, ancestry, marital status, veteran status, medical condition or any protected category prohibited by local, state or federal laws.