Security Engineer - Argentina at SenseOn

SenseOn is building the next generation of security operations, one where AI doesn't just assist analysts but actively drives detection engineering. We're looking for a Security Engineer who can do two things simultaneously: write high-quality detection rules that stop real adversaries today, and help us build the platform infrastructure that lets AI write and evolve those rules tomorrow.

The threat landscape is shifting in kind. Adversaries are increasingly using AI to accelerate attack development, automate reconnaissance, generate convincing phishing at scale, and adapt tradecraft faster than traditional detection cycles can follow. We need someone who understands this emerging class of AI-driven attacks and can build detections that are specifically designed to identify their signatures: anomalous automation patterns, LLM-generated content in phishing chains, unusually fast and broad enumeration, and AI-assisted lateral movement. Detecting AI requires thinking like AI.

This is not a pure analyst role. It is not a pure developer role. It's the bridge between them, and the person who builds that bridge.

What You'll Actually Be Doing

Detection Engineering (The Foundation)

- Author and maintain detection rules across SenseOn's dual-engine architecture:
  - Real-time streaming detections evaluated in milliseconds, written as YAML compiled to binary rulesets.
  - Batch behavioral detections backed by parameterised ClickHouse SQL, running on a seconds-to-minutes cadence.
- Write aggregations and materialised views in ClickHouse that power statistical anomaly baselines.
- Build and extend our hunting query library: MITRE-mapped ClickHouse queries that analysts use daily for threat hunting.
- Map every rule precisely to MITRE ATT&CK techniques and tactics, including sub-technique granularity.
- Instrument your own rules: measure false positive rates, define confidence scores, build test datasets, and own the quality of what ships.
- Tune detections against real-world telemetry. Understanding why a rule fires is as important as making it fire.

AI-Driven Detection Platform (The Mission)

- Extend our existing LLM-driven rule-writing engine to much wider coverage.
- Design and build pipelines where LLMs can propose detection rules from threat intelligence, CVE disclosures, or analyst hunt findings, with structured output, YAML validation, and human-in-the-loop approval gates.
- Build feedback loops: when a detection fires or produces a false positive, that signal should flow back to improve future AI-generated rules.
- Define the prompt engineering and evaluation harness for detection generation: pass@k metrics, FP/TP scoring, MITRE alignment validation.
- Work with engineering to make the detection data model AI-legible: schemas, annotations, and context structures that LLMs can reason over reliably.
- Think about our hunting interface: how does an analyst describe a threat in natural language and get a validated ClickHouse query back?

The Technical Stack

You don't need to be expert-level across all of this on day one. But you need to be comfortable working in it and honest about where you'll need to ramp.

What We're Looking For

Essential

- 3+ years writing detection content: SIEM rules, EDR detections, YARA, Sigma, or equivalent; you understand the craft of reducing noise without missing signals.
- Strong working knowledge of MITRE ATT&CK: not just citing technique IDs but reasoning about adversary tradecraft and tactic chaining.
- SQL proficiency: you write analytical queries comfortably and understand how query performance affects detection latency at scale.
- Hands-on experience with LLMs in a production or engineering context: you've written prompts, evaluated outputs, and built something that used an LLM API (not just chatted with one).
- Python fluency: enough to read, write, and debug the kind of Python that runs detection pipelines, builds API endpoints, and processes security telemetry.
- Ability to evaluate AI-generated output critically: you understand where LLMs hallucinate in security contexts and how to build guardrails.
- Clear, precise written communication in English: detection rules, prompt templates, and eval criteria all live in text.

Strong Advantage

- Experience with ClickHouse or other columnar / OLAP databases.
- Familiarity with Protocol Buffers or binary serialisation formats.
- Background in threat hunting: building hypotheses, writing queries, and operationalising findings as detections.
- Experience designing or contributing to AI evaluation frameworks (eval harnesses, golden datasets, pass@k scoring).
- Exposure to network or endpoint telemetry at volume: DNS, NTLM, Kerberos, process execution, network flows.
- Prior work at a security vendor, MDR, or SOC where detection quality had direct customer impact.

What We Offer

- The opportunity to define how AI-native detection engineering actually works in practice: not as a future roadmap item, but as your primary job.
- A platform with real telemetry, real adversarial signals, and real stakes: your rules protect organisations.
- Direct collaboration with engineering on the product infrastructure your workflow depends on.
- A team that treats documentation and knowledge capture as engineering hygiene, not overhead.
- SenseOn offers unlimited access to the latest LLM models for experimentation and research. Be at the bleeding edge of AI development as part of your role.

The creation of new attack vectors is soon to become even more of a machine-scale problem thanks to LLMs; SenseOn will build the machine-scale solution to Detection & Response.

A Note on What This Role Is Not

This is not a role for someone who wants to write detections by day and leave AI integration to "the ML team." There is no ML team: you are the person who bridges these two capabilities. Equally, it's not a role for a pure AI engineer who has never tuned a real detection against adversarial telemetry. Both halves matter equally.
Company Location: Argentina.