
Staff Threat Detection Engineer

Help design threat detection to protect Chainalysis corporate assets

As a Staff Threat Detection Engineer, you will lead the company's threat detection strategy. You will design robust detection logic, conduct proactive threat hunting, and perform risk assessments for both corporate and product engineering functions. You will also partner with the Response team to improve alert quality and reduce time-to-containment.

Why Is This Interesting?

Join the DaRE team, which focuses on corporate security and incident response.

Key Responsibilities

  • Lead the company's threat detection strategy by mapping coverage against frameworks such as MITRE ATT&CK
  • Design and maintain scalable detection logic across SIEM, EDR, and cloud logging platforms (AWS/GCP)
  • Conduct hypothesis-driven threat hunting to uncover novel attacker TTPs and turn findings into durable controls
  • Perform risk assessments and design reviews for new technology onboarding and product design changes
  • Partner with the Response team to improve alert quality, automate triage playbooks, and reduce time-to-containment
  • Provide technical leadership and mentoring to the DaRE team, and influence product teams to improve visibility and remediate gaps

Requirements

  • 8+ years of experience in detection engineering, SOC, or large-scale incident response
  • Expertise in building and tuning detections across SIEM, EDR, and log analytics platforms
  • Ability to write complex detection queries (e.g., KQL, SPL, SQL)
  • Experience detecting modern attacker TTPs across endpoint, identity, and cloud environments
  • Strong scripting skills (Python, Bash) for automation and enrichment
  • Ability to lead cross-functional security initiatives with IT and Engineering stakeholders

Required Skills

threat detection, SIEM, EDR, Python, Bash, SQL, MITRE ATT&CK

Indonesia Context

Working Hours Overlap:
Flexible: set your own working hours

Keywords

threat detection, detection engineering, SIEM, EDR, cloud logging, MITRE ATT&CK, incident response, security, Python, Bash

Original description from Ashby Job Boards

The Detection and Response Engineering (DaRE) team protects Chainalysis corporate assets and manages internal incident response. We reduce risk by building systems that detect and contain malicious activity while performing high-stakes digital forensics. Our mission is to ensure that as blockchain adoption grows, our own infrastructure remains resilient against evolving threats.

As a Staff Threat Detection Engineer, you are the technical lead for our corporate threat detection strategy. You design high-fidelity detections, lead proactive threat hunting, and perform critical risk assessments for both corporate and product engineering functions. This is a high-profile role where you will act as a subject matter expert (SME) for threat modeling, guiding security best practices across all corporate functions.

In this role, you'll:

  • Lead Detection Strategy: Own the end-to-end roadmap for corporate threat detection, mapping coverage against frameworks like MITRE ATT&CK.
  • Engineer High-Fidelity Detections: Design and maintain scalable detection logic across SIEM, EDR, and cloud logging platforms (AWS/GCP).
  • Conduct Threat Hunting: Plan and execute hypothesis-driven hunting campaigns to uncover novel TTPs and turn findings into durable controls.
  • Perform Risk Modeling: Lead threat assessments and design reviews for new technology on-boarding and product design changes.
  • Optimize Response: Partner with Incident Response to refine alert quality, automate triage playbooks, and reduce time-to-containment.
  • Mentor & Influence: Provide technical leadership and mentorship to the DaRE team while influencing product teams to improve visibility and remediate gaps.

We're looking for candidates who have:

  • 8+ years of experience in detection engineering, SOC, or incident response at scale.
  • Deep expertise in building and tuning detections within SIEM, EDR, and log analytics platforms.
  • Advanced proficiency in writing complex detection queries (e.g., KQL, SPL, SQL).
  • Demonstrated experience detecting modern attacker TTPs across endpoint, identity, and cloud environments.
  • Strong scripting skills (Python, Bash) for automation and enrichment.
  • Proven ability to lead cross-functional security initiatives with IT and Engineering stakeholders.

Nice to have experience:

  • Experience leading threat hunting in cloud-first or SaaS-heavy environments.
  • Familiarity with securing AI integrations and managing associated security risks.
  • Knowledge of blockchain ecosystems and threats specific to the Web3/Crypto space.
  • Prior experience in a Staff-level technical leadership or mentorship role.
  • Red teaming experience against web technologies.
  • OSINT and investigations.

Technologies we use:

  • SIEM, EDR, and Log Analytics platforms
  • AWS, GCP
  • Python, Bash
  • KQL, SPL, SQL
  • MITRE ATT&CK Framework

AI at Chainalysis

AI is not a feature at Chainalysis - it is a new way of working. One that turns instructions into work done, and helps us move faster than the threats we're built to counter, and we expect our employees to take ownership of the output and ensure quality. As the world's most trusted blockchain analytics platform, Chainalysis sits at a rare intersection of proprietary data, regulatory relationships and crypto expertise that makes it uniquely placed to shape and lead the next era of AI-driven intelligence - and we expect everyone here, regardless of role, to be an active part of it. AI fluency is tied directly to how we measure performance and how we plan to win. There is no substitute for your own curiosity. We provide the tools, workflows, and space to experiment - but the expectation is that you develop these capabilities yourself, bring ideas, and collaborate across teams to reinvent the way work gets done. We are not using AI to do less. We are using it to do what was never possible before.

About Chainalysis

Chainalysis is the blockchain data platform, making it easy to connect the movement of digital assets to real-world services. Powered by deep blockchain data and AI, organizations can investigate illicit activity, manage risk exposure, and develop innovative market solutions built on the industry's most trusted blockchain intelligence. Our mission is to build trust in blockchains, blending safety and security with an unwavering commitment to growth and innovation.

You belong here. At Chainalysis, we believe that diversity of experience and thought makes us stronger. With both customers and employees around the world, we are committed to ensuring our team reflects the unique communities around us. We're ensuring we keep learning by committing to continually revisit and reevaluate our diversity culture. We encourage applicants across any race, ethnicity, gender/gender expression, age, spirituality, ability, experience and more. If you need any accommodations to make our interview process more accessible to you due to a disability, don't hesitate to let us know. You can learn more here: https://go.chainalysis.com/rs/503-FAP-074/images/Interview%20Accommodations%20Request.pdf. We can't wait to meet you.


Company
Chainalysis
Source
Ashby Job Boards
Job Type
full time
Location
Remote · Open worldwide
Category
Level
lead
Posted
28 Apr 2026
