SenseOn

• Own the full technical lifecycle of a customer deployment, from initial architecture review through to live production, ongoing integration development, and long-term platform health. • Build cloud integrations. • Write and tune detection rules in SIEMs. • Debug customer environments. • Ensure that every customer you touch becomes a SenseOn advocate. • Work with the Customer Success team to build the technical business cases that win renewals and drive expansion.

• SenseOn is looking for a Forward Deployed Engineer to sit at the intersection of security engineering, software development, and customer success. • You will be the person who makes SenseOn work, in the real world, for real customers. • Embed directly with customers to deploy and configure the SenseOn platform, develop custom integrations, and ensure that every customer derives measurable security value as quickly as possible. • Own the full technical lifecycle of a customer deployment, from initial architecture review through to live production, ongoing integration development, and long-term platform health. • Write production-quality software to build and maintain integrations across third-party security tools, SIEMs, identity platforms, and AWS, Azure, and GCP environments. • Lead end-to-end SenseOn platform deployments and complex log ingestion rollouts without customer disruption. • Provide the technical evidence base and build business cases for renewals and expansions. • Develop deep relationships with customer security leadership, acting as a trusted adviser across their security architecture. • Collaborate with Sales Engineering to ensure continuity from pre-sale technical validation through to post-sale deployment.

• Build and maintain internal GTM services and automations that support pipeline creation and customer workflows (e.g., routing, enrichment, scoring, orchestration, CRM write-backs). • Extend and improve our internal agent stack (Apex) and the workflows that power it. • Use Codex, Claude Code, and Gemini to accelerate delivery, while maintaining strong QA and correctness. • Build and maintain production-grade integrations via APIs and event-driven patterns (e.g., webhooks). • Create and maintain automated build/test/deploy pipelines (CI/CD) so changes ship safely and repeatably (e.g., GitHub Actions or equivalent). • Improve reliability and observability (logs/metrics), and debug issues pragmatically when things break. • Communicate clearly in writing: what you built, why it works, how to use it, and how to troubleshoot it. • Build with a security-first mindset: least privilege, safe secrets handling, auditability, defensive defaults.

• Author and maintain detection rules across SenseOn's dual-engine architecture: • Real-time streaming detections evaluated in milliseconds, written as YAML compiled to binary rulesets • Batch behavioral detections backed by parameterised ClickHouse SQL, running on a seconds-to-minutes cadence • Write aggregations and materialised views in ClickHouse that power statistical anomaly baselines • Build and extend our hunting query library. MITRE-mapped ClickHouse queries that analysts use daily for threat hunting • Map every rule precisely to MITRE ATT&CK techniques and tactics, including subtechnique granularity • Instrument your own rules: measure false positive rates, define confidence scores, build test datasets, and own the quality of what ships • Tune detections against real-world telemetry. Understanding why a rule fires is as important as making it fire • Extend our existing LLM driven rule writing engine to have much wider coverage • Design and build pipelines where LLMs can propose detection rules from threat intelligence, CVE disclosures, or analyst hunt findings, with structured output, YAML validation, and human-in-the-loop approval gates • Build feedback loops: when a detection fires or produces a false positive, that signal should flow back to improve future AI-generated rules • Define the prompt engineering and evaluation harness for detection generation. Pass@k metrics, FP/TP scoring, MITRE alignment validation • Work with engineering to make the detection data model AI-legible: schemas, annotations, and context structures that LLMs can reason over reliably • Think about our hunting interface: how does an analyst describe a threat in natural language and get a validated ClickHouse query back?