Threat Detection Engineer

Location: IL

Scope: Full-time

Reports to: Co-Founder & CTO

About Reco

At Reco.ai, we redefine SaaS security. Our AI-driven security graph empowers organizations to discover, analyze, and protect their SaaS applications and identities with unmatched precision. In a world where SaaS sprawl and misconfigurations pose significant threats, our mission is to help businesses answer one crucial question: "Is my SaaS environment truly secure?" We’re looking for a Threat Detection Engineer to design, develop, and optimize detection logic for SaaS-based attacks, insider threats, and misconfigurations. If you're passionate about securing SaaS ecosystems, identity governance, and threat hunting, we want you on our team.

Responsibilities

  • Analyze user activities, permissions, and behaviors across SaaS applications and identity provider (IdP) platforms (e.g., Okta, Azure AD, Google Workspace, Salesforce, Workday, ServiceNow).
  • Hunt for SaaS-related threats, including misconfigurations, excessive permissions, data exposure risks, and anomalous access patterns.
  • Develop detection rules using JSONata and SQL to enhance the SaaS Threat Detection and Secure Configuration Engine.
  • Optimize detection models to minimize false positives and improve accuracy using ClickHouse and other big-data analytics solutions.
  • Collaborate with security researchers and data scientists to define new threat detection strategies based on SaaS attack vectors and industry trends.
  • Continuously monitor and analyze SaaS attack techniques, adapting security posture to evolving threats.
  • Work with APIs and integrations to ingest security logs from various SaaS platforms, correlating signals to detect real threats.

Qualifications

  • 2+ years in cybersecurity, preferably in SOC, SIEM, Threat Intelligence, or Cloud Security.
  • Experience with SaaS security challenges, such as shadow IT, OAuth app risks, IdP misconfigurations, and excessive permissions.
  • Hands-on experience with security data analysis, including large-scale log processing, anomaly detection, and behavioral analytics.
  • Proficiency in SQL (e.g., against ClickHouse) for querying security events and correlating threat indicators.
  • Strong understanding of identity-based attacks, insider threats, and SOC detection methodologies.
  • Familiarity with SIEM and XDR solutions (e.g., Splunk, Sentinel, Chronicle) and their role in modern detection engineering.
  • Strong problem-solving and analytical skills to triage security incidents and optimize detection rules.

Advantages

  • Experience with JSONata for structured log processing and automation.
  • Familiarity with SaaS security best practices, including least-privilege access, OAuth governance, and SSPM.
  • Knowledge of SaaS security tooling categories (e.g., SSPM, CASB).
  • Experience with IdP security (Okta, Azure AD, Google IAM) and detecting identity-related SaaS threats.
  • Hands-on experience with Threat Hunting in SaaS environments.
  • Understanding of SaaS API security and experience analyzing integrations with third-party applications.