We’re looking for a Senior Threat Detection & Intelligence Engineer to help us understand how adversaries operate, detect meaningful threats early, and lead investigations when it matters most. This role sits at the intersection of threat intelligence, detection engineering, and incident investigation with an engineering-first mindset.

If you enjoy turning messy signals into clear attacker narratives, this role is for you.

About the Team

The Cloud Security & Detection & Response (CSDR) team protects Miro by staying ahead of credible threats. We focus on:

Translating external threat intelligence into actionable detections
Building custom, high-fidelity detections for cloud and SaaS environments
Leading complex investigations and incident response
Partnering with engineering to drive security by design

We care about context, signal quality, and attacker intent not alert volume.

What You’ll Do

Track emerging threats, attacker techniques, and campaigns relevant to cloud and SaaS
Turn threat intelligence into practical detection strategies and attack hypotheses
Design and maintain context-aware detections across cloud, identity, and application layers
Lead deep investigations, from first signal to root cause and remediation
Act as a technical lead during security incidents, guiding response and decision-making
Analyze detection and investigation trends to improve preventative controls
Partner with engineering teams to raise security maturity across the organization

Who This Role Is For

This role is a great fit if you:

Think in attacker TTPs, not just alerts or dashboards
Enjoy investigating ambiguous signals and turning them into clear conclusions
Have experience in threat intelligence, threat hunting, or security investigations
Care about why something is happening, not just what fired
Want to build detection programs that evolve with the threat landscape
Are comfortable explaining technical risk in business terms

This role is not a fit if you’re mainly focused on compliance, policy writing, or managing vendors.

What We’re Looking For

5–7 years in security, with 2+ years in threat detection, threat intelligence, or investigations
Experience in cloud-native SaaS environments (AWS strongly preferred)
Strong investigation skills and ability to analyze attacker behavior
Experience using threat intelligence to inform detection and response
Proficiency in Python and comfort automating security workflows
Experience querying large datasets (SQL or similar)
Familiarity with cloud security telemetry, logging, and detection platforms
Solid understanding of incident response and digital forensics
Experience with Infrastructure as Code (Terraform or similar)

Why You’ll Love This Role

You’ll help define how threat intelligence is used, not just consume it
You’ll work on real attacker behavior, not checkbox security
You’ll have room to build, experiment, and improve detection capabilities
You’ll partner closely with engineers who value security as an engineering problem

What's in it for you

We want you to feel supported, connected, and ready to grow. Our global benefits package generally includes equity, a wellbeing benefit, a WFH equipment allowance, and an annual Learning & Development stipend. Join a diverse team where you can do your best work. Full benefits may differ per location. If you would like to learn more about location-specific benefits, please refer to our Global Miro benefits board.

Recruiter: #LI-MH1