Senior Threat Detection Engineer - Intelligence

Department:

Engineering

Locations:

Austin

Job Requisition ID:

JR001119

About the Team

The Cloud Security & Detection & Response (CSDR) team protects Miro by staying ahead of credible threats.
Focus areas include translating external threat intelligence into actionable detections, building custom high-fidelity detections for cloud and SaaS environments, leading complex investigations and incident response, and partnering with engineering to drive security by design.
Emphasis on context, signal quality, and attacker intent rather than alert volume.

What You’ll Do

Track emerging threats, attacker techniques, and campaigns relevant to cloud and SaaS.
Turn threat intelligence into practical detection strategies and attack hypotheses.
Design and maintain context-aware detections across cloud, identity, and application layers.
Lead deep investigations from first signal to root cause and remediation.
Act as a technical lead during security incidents, guiding response and decision-making.
Analyze detection and investigation trends to improve preventative controls.
Partner with engineering teams to raise security maturity across the organization.

Who This Role Is For

Candidates who think in attacker TTPs (Tactics, Techniques, Procedures), not just alerts or dashboards.
Those who enjoy investigating ambiguous signals into clear conclusions.
Experience in threat intelligence, threat hunting, or security investigations required.
Focus on understanding why something is happening rather than just what fired.
Interested in building detection programs that evolve with the threat landscape.
Comfortable explaining technical risk in business terms.
Not suitable for those mainly focused on compliance, policy writing, or managing vendors.

What We’re Looking For

5–7 years in security with 2+ years in threat detection, threat intelligence, or investigations.
Experience in cloud-native SaaS environments (AWS strongly preferred).
Strong investigation skills and ability to analyze attacker behavior.
Experience using threat intelligence to inform detection and response.
Proficiency in Python and comfort automating security workflows.
Experience querying large datasets (SQL or similar).
Familiarity with cloud security telemetry, logging, and detection platforms.
Solid understanding of incident response and digital forensics.
Experience with Infrastructure as Code (Terraform or similar).

Why You’ll Love This Role

Opportunity to define how threat intelligence is used rather than just consume it.
Work on real attacker behavior instead of checkbox security.
Room to build, experiment, and improve detection capabilities.
Close partnership with engineers who value security as an engineering problem.

What’s In It for You (US)

Competitive salary + equity (estimated range $150,000 to $170,000 specific to Austin). Final compensation based on skills and experience.
401(k) with matching.
Excellent Medical, Dental & Vision coverage.
Fertility & family-forming benefits.
Flexible time off.
Lunch, snacks, and drinks in the office.
Wellbeing stipend + WFH equipment allowance.
Annual learning & development budget.
Up to $2,000/year charitable donation matching.

About Miro

Miro is a visual workspace for innovation enabling distributed teams of any size to collaborate effectively; co-headquartered in San Francisco and Amsterdam; founded in 2011; over 1,600 employees globally.

Additional Notes

The role supports FedRAMP-related responsibilities requiring U.S citizenship under federal regulations; based in Austin location; application requires confirmation of U.S citizenship.

Application Process Overview

1) Recruiter Screen - 30 min interview about skills and motivation; 2) Hiring Manager Interview - 90–120 min assessing experience and cultural fit; 3) Skill Assessment - interactive presentation based on case study/business problem; 4) Meet the Team - cross-functional stakeholders interview; 5) Leadership Round - discussion about company values and vision.