Location:
Remote (U.S.-based); proximity to Boston, NYC, or D.C. is a plus
About Us:
Nebulock is a seed-stage cybersecurity startup backed by Bain Capital Ventures and Decibel Partners, building the future of agentic AI–driven threat hunting.
We’re reimagining how detection engineering is done, empowering analysts and defenders with AI systems that can automatically find, validate, and explain complex attacks across cloud, SaaS, and endpoint environments.
We’re a high-caliber team driven by curiosity, speed, and technical depth—building the tools that will define the next era of autonomous threat detection.
Position Overview:
As the Principal Cloud Detections Engineer, you’ll lead the design and scaling of Nebulock’s cloud and SaaS detection coverage.
You’ll work closely with Nebulock’s architecture, product, and AI teams to expand detection fidelity across Linux, cloud, and SaaS environments—ensuring that telemetry turns into meaningful, actionable insight.
This role is ideal for a detection engineer who thrives in both strategy and execution, someone who can zoom out to shape detection philosophy while building detections that catch real-world threats.
Our Values:
Low Ego, Empathy for the Customer, Passion for the Problem, and Learning and Accountability.
What You'll Do:
● Scale Detection Coverage: Build and maintain high-fidelity detections for Linux, cloud, and SaaS environments (AWS, GCP, Azure, Okta, M365, and more).
● Integrate and Automate: Develop integrations and pipelines that normalize telemetry and automate detection validation.
● Build and Set Strategy for Detections CI/CD: Design, collaborate on, and implement a detections CI/CD pipeline to enable automated testing, deployment, and lifecycle management of detection content.
● Author & Validate Detections: Write and tune detection logic to surface advanced adversary behaviors like lateral movement, identity abuse, and privilege escalation.
● Drive Strategy: Partner with leadership on detection roadmap, coverage priorities, and architectural design decisions.
● Collaborate Across Teams: Work with AI and backend engineers to optimize detections for automation, scoring, and continuous learning.
● Contribute to the Community: Share research, insights, and lessons learned with the broader detection engineering community through talks, writing, or open-source contributions.
● Mentor & Lead: Provide technical guidance to junior engineers and help define Nebulock’s detection engineering culture.
Who You Are:
● Experienced detection engineer with deep understanding of cloud, SaaS, and Linux environments.
● Strong knowledge of AWS, GCP, Azure, Okta, and M365 telemetry sources and security models.
● Proven track record building and scaling detections across diverse infrastructures.
● Proficiency in Python or equivalent for detection automation and data processing.
● Ability to connect low-level signals to high-level adversary behaviors.
● Curiosity-driven, pragmatic, and comfortable balancing precision with velocity.
● U.S.-based (citizenship preferred); able to travel occasionally for team meetups or on-sites.
Preferred Experience:
● Background in detection engineering at a modern MSSP, MDR, or cloud-first organization.
● Experience building detection-as-code frameworks and validation pipelines.
● Familiarity with Sigma, osquery, or EQL/KQL for cross-platform rule authoring.
● Experience integrating detections with SIEMs, data lakes, or security automation platforms.
● Understanding of how AI and automation can augment detection workflows.
● Active participation in the detection or threat research community.
What We Offer:
● A founding-level role shaping Nebulock’s detection architecture and strategy.
● Opportunity to define the coverage and integrations layer of a next-generation AI security platform.
● A low-ego, high-autonomy culture built around curiosity, rigor, and experimentation.
● Competitive compensation, early equity, and full benefits (health, dental, vision, 401k).
● Access to leading minds in AI and security through our investors, advisors, and customers.
Why Nebulock:
● Category-Defining Mission: We’re making AI agents the first responders in cybersecurity.
● Elite Team & Backing: Founded by veterans of top security and AI companies, backed by BCV and Decibel.
● Real Impact: Join at the ground floor of a product that will redefine how security teams detect and defend.