Research adversarial techniques and translate threat behaviors into high-fidelity detections aligned to complex cybersecurity use cases.
Design, build, and operate production-grade security detection infrastructure across Google SecOps and internal automation applications that support enrichment, orchestration, and response workflows.
Lead telemetry and detection lifecycles, including source onboarding, parsing, normalization, enrichment, testing, deployment, tuning, and ongoing maintenance.
Develop custom integrations, automations, and lightweight services using application programming interfaces (APIs), webhooks, and event-driven patterns to improve signal fidelity and reduce mean time to detect and mean time to respond.
Create dashboards, metrics, and reports using business intelligence tools, structured query language (SQL), statistical analysis, and applied artificial intelligence and machine learning techniques to improve threat visibility and operational reporting.
Apply Python, prompt-driven workflows, model context protocol (MCP) capabilities, and agent-to-agent orchestration patterns to support detection engineering, enrichment, and analytic decision support.
Collaborate with threat intelligence, threat hunters, incident responders, red team, and engineering partners to evaluate detection coverage gaps and improve defensive capabilities.
Manage work through Agile practices, documenting requirements, tracking delivery, and maintaining reliable platform operations across hybrid environments.
Experience you'll need to have:
8+ years of experience in cybersecurity engineering, security operations, or detection engineering, including building and maintaining detections for enterprise security environments.
8+ years of experience developing and tuning detections using security information and event management (SIEM) technologies, security orchestration, automation, and response (SOAR) platforms, and correlated rule logic for complex threat scenarios.
8+ years of experience scripting and automation development using Python, SQL, PowerShell, Bash, or similar languages to support integrations, telemetry processing, and response workflows.
Experience designing and supporting API integrations using representational state transfer (REST), JavaScript Object Notation (JSON), webhooks, OAuth, service accounts, and event-driven messaging patterns with measurable reliability and observability outcomes.
Experience applying MITRE ATT&CK, detection coverage analysis, telemetry mapping, dashboard development, and threat reporting to improve cyber detection quality and operational awareness.
Bachelor's degree in cybersecurity, computer science, information technology, engineering, or a related field, or equivalent combination of education, related experience and/or military experience.
Experience that would be great to have:
Experience with Google SecOps in enterprise-scale detection engineering or security operations environments.
Experience applying artificial intelligence, machine learning, feature engineering, prompt engineering, and AI-assisted coding to cybersecurity analytics, enrichment, or automation use cases.
Experience with infrastructure as code, continuous integration and continuous delivery (CI/CD), Git-based workflows, and platform automation using tools such as Terraform.
Industry certifications such as GIAC Certified Incident Handler, GIAC Security Operations Certified, GIAC C
Additional Information
Calling all innovators - find your future at Fiserv.
We're Fiserv, a global leader in Fintech and payments, and we move money and information in a way that moves the world. We connect financial institutions, corporations, merchants and consumers to one another millions of times a day - quickly, reliably, and securely. Any time you swipe your credit card, pay through a mobile app, or withdraw money from the bank, we're involved. If you want to make an impact on a global scale, come make a difference at Fiserv.
Job Title
Threat Detection & Automation Engineer
About your role:
As a Threat Detection & Automation Engineer, you will enable end-to-end detection engineering across telemetry onboarding, detection content development, response automation, and threat reporting within Cyber Security Operations at Fiserv. You will be a partner with threat intelligence, threat hunting, incident response, red team, platform, and engineering teams to build and operate resilient detection infrastructure and integrations at enterprise scale. Your work will strengthen detection fidelity, improve operational awareness, and help teams respond quickly to credible threats across the Fiserv environment.
Fiserv · Berkeley Heights, NJ