Senior Security Engineer, Uppercase Research

Google · Big Tech · Austin, TX +1

This role focuses on building and scaling autonomous security operations using AI agents and LLM-driven pipelines. The engineer will design and deploy intelligent agentic workflows for threat hunting and automated detection, transforming static security workflows into self-correcting, LLM-driven pipelines that automate the detection lifecycle. The role involves deep-dive technical analysis of adversary behavior to train ML models and ground agentic workflows, and creating tooling to support automated security operations.

What you'd actually do

  1. Build and optimize AI-agent frameworks (such as threat hunting and detection engineering agents) to automate triage, context enrichment, and initial threat analysis.
  2. Construct and manage end-to-end pipelines that autonomously write, test, and tune YARA-L (yet another recursive acronym - log) rules based on emerging threat behavior.
  3. Conduct deep-dive technical analyses of adversary behavior to extract concrete indicators and logic that train machine learning models and ground agentic workflows.
  4. Drive continuous refinement of the rule lifecycle by leveraging advanced LLM architectures to automate regression testing, false-positive reduction, and rule deprecation. Perform data analysis on large threat intelligence datasets to uncover hidden patterns, feed ML pipelines, and expand the knowledge base of autonomous systems.
  5. Create, maintain, and scale the underlying processes and code-driven tooling required to support decentralized, automated security operations.

Skills

Required

  • 5 years of experience leading security assessments, threat modeling, or security design reviews for systems.
  • 5 years of coding experience in one or more general purpose languages (e.g., Python, Golang, Java, C++).
  • 5 years of experience with security engineering, computer and network security, and security protocols.

Nice to have

  • Experience designing, building, or implementing LLMs and autonomous agent frameworks to accelerate threat detection lifecycles, automate security operations triage, or orchestrate self-healing detection pipelines.
  • Experience in security research, advanced threat hunting, and signals development across endpoint or cloud data sources (e.g., Google Cloud, Cloud computing platform, Kubernetes).
  • Ability to scope ambiguous security problems, evaluate systemic risks, and communicate technical security strategies effectively to both engineering teams and executive stakeholders.

What the JD emphasized

  • autonomous security operations
  • intelligent agentic workflows
  • LLM-driven pipelines
  • security research
  • advanced threat hunting
  • autonomous systems

Other signals

  • autonomous security operations
  • intelligent agentic workflows
  • LLM-driven pipelines