Website:
thethreatlens.com
Job details:
Company Description
ThreatLens is an enterprise-grade, AI-augmented platform designed to enhance investigation integrity for modern Security Operations. Operating as a vendor-neutral Investigation Integrity Layer, ThreatLens integrates with leading security technologies like Splunk, Microsoft Sentinel, and CrowdStrike to transform fragmented alerts into structured, evidence-backed investigations. Leveraging its Investigation-Level Truth (ILT) Engine, ThreatLens generates actionable insights, competing incident hypotheses with confidence scores, and audit-ready findings. Designed for SOC teams, CISOs, and MSSPs, ThreatLens prioritizes governance, transparency, and control in complex and regulated environments.
Role Description
We are looking for a Security Integration Engineer to build and scale integrations across the SOC ecosystem.
This role will own the connector and integration experience between ThreatLens and leading security platforms such as Splunk, Microsoft Sentinel, CrowdStrike, QRadar, Microsoft Defender, SentinelOne, Elastic, ServiceNow, and other enterprise security technologies.
You will work closely with product, engineering, and customer teams to design reliable, scalable, and secure integration workflows that accelerate customer onboarding and operational value.
This is a high-impact role directly tied to platform adoption and customer success.
Responsibilities
Design, build, and maintain integrations with SIEM, EDR, XDR, SOAR, TIP, and cloud security platforms
Develop APIs, ingestion pipelines, webhooks, and event processing workflows
Build reusable connector frameworks and integration SDKs
Normalize telemetry and map events into ThreatLens data models
Implement authentication mechanisms including OAuth, API keys, service principals, and token-based integrations
Improve integration reliability, observability, retry handling, and monitoring
Collaborate with SOC analysts and customers to understand operational workflows
Support bi-directional integrations for alert enrichment and automated response actions
Create technical documentation, onboarding guides, and deployment playbooks
Work with customer-facing teams during onboarding and integration troubleshooting
Required Qualifications
3+ years of experience in integration engineering, security engineering, or platform engineering
Hands-on experience with SIEM/XDR/SOAR platforms such as:
Splunk
Microsoft Sentinel
CrowdStrike
SentinelOne
Elastic
Microsoft Defender
Universal Connector
Strong understanding of SOC operations and security telemetry
Experience building REST APIs, webhook systems, and event-driven architectures
Strong Python development skills
Familiarity with log formats, event normalization, and detection pipelines
Experience with cloud platforms (AWS, Azure, or GCP)
Understanding of authentication and identity models for enterprise integrations
Ability to troubleshoot distributed systems and integration workflows
Nice to Have
Experience with threat intelligence platforms or MITRE ATT&CK mapping
Experience with SOAR/playbook automation
Familiarity with Kafka, RabbitMQ, or streaming architectures
Experience working in cybersecurity startups
Knowledge of multi-tenant SaaS architectures
Exposure to AI-assisted security workflows or agentic systems
What You’ll Build
Enterprise-grade SOC integrations
Connector frameworks and ingestion pipelines
AI-assisted investigation workflows
Security telemetry enrichment systems
Automated response orchestration capabilities
Why Join ThreatLens
Build foundational technology in AI-augmented cybersecurity
Work directly on real-world SOC automation challenges
High ownership and technical impact
Opportunity to shape integration architecture from the ground up
Fast-moving startup environment with significant growth potential
How to Apply
Send your resume and relevant integration/project experience to: careers@thethreatlens.com