Security Engineer - Threat Detection

About Snowflake

At Snowflake, we are powering the era of the agentic enterprise. To usher in this new era, we seek AI-native thinkers across every function who are energized by the opportunity to reinvent how they work. You don’t just use tools; you possess an innate curiosity, treating AI as a high-trust collaborator that is core to how you solve problems and accelerate your impact. We look for low-ego individuals who thrive in dynamic and fast-moving environments and move with an experimental mindset — who rapidly test emerging capabilities to discover simpler, more powerful ways to deliver results. At Snowflake, your role isn't just to execute a function, but to help redefine the future of how work gets done.

Role Overview

Snowflake has developed a world class cloud data platform that is effective, affordable and accessible to all data users. As we continue to scale globally, we are investing heavily in AI-powered threat detection and response to protect our customers and our environment at cloud scale. We are looking for a Security Engineer – Threat Detection who will help enhance Snowflake’s Threat Detection Program and extend the reach and impact of Threat Detection across Snowflake, with AI and automation as core primitives in how we detect, triage, and respond to threats. You will combine security expertise with strong engineering skills to build, maintain, and evolve detections and supporting pipelines.

The ideal candidate seeks to gain a strong understanding of the Snowflake Product and Corporate environment, then uses that knowledge to create, optimize, and continuously improve detections that mitigate identified risks. You will partner with stakeholders across Security and Engineering, making informed, data-driven decisions based on threat models, proactive threat hunts, and data science–oriented exploration of logs and telemetry. You will make recommendations for detective and preventative controls, and you will design and build automations and AI-driven workflows that enhance our security posture and reduce mean time to detect and respond.

What You Need

• Security Engineering Experience (Threat Detection, Incident Response, Threat Hunting, Product Security, Corporate Security, or other related disciplines)
• Solid experience writing code — whether in software engineering, data engineering, or building automations (Python, Go, etc.), with a desire to apply these skills to AI/ML-powered use cases in detection and response.
• Experience collaborating with various security teams and stakeholders
• Ability to review and analyze logging and observability requirements that support detection and response
• A risk-based approach to security to help prioritize key security initiatives and determine when AI provides meaningful value over traditional rules and heuristics.
• Knowledge of the current security landscape with domain knowledge in several of: cloud security, identity and access, SaaS security, endpoint security, data security, and insider risk.
• An automation-first mindset for scaling security, including comfort with CI/CD, infrastructure as code, and “detections as code.”
• Be a humble, team-oriented engineer who prioritizes team success in a zero-ego environment.

What You Will Do

• Develop and deploy detections using modern engineering practices (testing/validation, CI/CD pipelines, detections as code, detection development lifecycle, etc.), including both rules-based and AI-assisted detections.
• Mature our threat detection program by analyzing gaps and mitigating risks via detective controls, including experimentation with AI/ML approaches where they improve signal-to-noise ratio or analyst efficiency.
• Build and maintain strong partnerships with our stakeholders to provide detection as a service, including self-service patterns, reusable components, and AI-enhanced detections that support their domains.
• Continuously measure and improve detection quality (coverage, precision/recall, false positive rate, latency)

Minimum Qualifications

• Experience