Location: IL
Scope: Full-time
Reports to: Co-Founder & CTO
About Reco
At Reco.ai, we redefine SaaS security. Our AI-driven security graph empowers organizations to discover, analyze, and protect their SaaS applications and identities with unmatched precision. In a world where SaaS sprawl and misconfigurations pose significant threats, our mission is to help businesses answer one crucial question: "Is my SaaS environment truly secure?"

We’re looking for a Threat Detection Engineer to design, develop, and optimize detection logic for SaaS-based attacks, insider threats, and misconfigurations. If you're passionate about securing SaaS ecosystems, identity governance, and threat hunting, we want you on our team.
Responsibilities
- Analyze user activities, permissions, and behaviors across SaaS applications and IDP platforms (e.g., Okta, Azure AD, Google Workspace, Salesforce, Workday, ServiceNow).
- Hunt for SaaS-related threats, including misconfigurations, excessive permissions, data exposure risks, and anomalous access patterns.
- Develop detection rules using JSONata and SQL to enhance the SaaS Threat Detection and Secure Configuration Engine.
- Optimize detection models to minimize false positives and improve accuracy using ClickHouse and other big-data analytics solutions.
- Collaborate with security researchers and data scientists to define new threat detection strategies based on SaaS attack vectors and industry trends.
- Continuously monitor and analyze SaaS attack techniques, adapting security posture to evolving threats.
- Work with APIs and integrations to ingest security logs from various SaaS platforms, correlating signals to detect real threats.
Qualifications
- 2+ years in cybersecurity, preferably in SOC, SIEM, Threat Intelligence, or Cloud Security.
- Experience with SaaS security challenges, such as shadow IT, OAuth risks, IDP misconfigurations, and excessive permissions.
- Hands-on experience with security data analysis, including large-scale log processing, anomaly detection, and behavioral analytics.
- Proficiency in SQL (e.g., ClickHouse) for querying security events and correlating threat indicators.
- Strong understanding of identity-based attacks, insider threats, and SOC detection methodologies.
- Familiarity with SIEM and XDR solutions (e.g., Splunk, Sentinel, Chronicle) and their role in modern detection engineering.
- Strong problem-solving and analytical skills to triage security incidents and optimize detection rules.
Advantages
- Experience with JSONata for structured log processing and automation.
- Familiarity with SaaS security best practices, including least-privilege access, OAuth governance, and SSPM.
- Knowledge of SaaS security frameworks (e.g., SSPM, CASB).
- Experience with IDP security (Okta, Azure AD, Google IAM) and detecting identity-related SaaS threats.
- Hands-on experience with Threat Hunting in SaaS environments.
- Understanding of SaaS API security and experience analyzing integrations with third-party applications.