Cybersecurity Company - Senior Integration Engineer

Job description

About the Role

This role will play a key part in transforming our integration landscape to meet the demands of a modern, secure, and scalable architecture.

The ideal candidate will balance hands-on technical expertise with strong architectural and communication skills. You’ll collaborate across global teams to ensure solutions meet business needs, align with enterprise architecture standards, and are delivered with precision, quality, and resilience.

Key Responsibilities

  • Maintain and improve existing integration connectors (CrowdStrike, Sentinel, Palo Alto, Fortinet, etc.) across v1 and v2

  • Build new vendor connectors as customer demand requires: handle auth flows, data formatting, batching, error handling, and rate limiting

  • Potentially port from Flask to FastAPI as the platform migration progresses

  • Implement the detection rule deployment pipeline: push Sigma-generated rules to SIEMs in monitor/block mode via vendor APIs

  • Build inbound event ingestion: pull security events from customer SIEMs into Augur for correlation and enrichment

  • Own the credential management system: secure storage, rotation, and validation of customer API keys and OAuth tokens

  • Build and maintain bulk feed exports: STIX/TAXII, EDL, CSV, and custom formats hosted on S3

  • Design job scheduling and monitoring: Celery tasks with retry logic, error alerting, and sync status tracking

  • Support data lake integrations (Snowflake, Databricks): generate and deploy SQL-based detections against customer schemas

  • Troubleshoot customer integration issues: debug sync failures, credential problems, and data format mismatches

  • Write integration tests and maintain connector health checks

Required Skills & Experience

  • Python: 3+ years; this is 90% of the work

  • REST API integration: consuming third-party APIs, OAuth2/API key auth, pagination, rate limiting, and retry with backoff

  • SIEM/EDR platforms: hands-on experience with at least 2-3 of CrowdStrike Falcon, Splunk, Microsoft Sentinel, Palo Alto, Fortinet, Zscaler

  • Background job systems: Celery, RQ, or equivalent (scheduling, error handling, dead letter queues)

  • Data serialization: JSON, CSV, XML; comfortable transforming between vendor-specific formats

  • SQL: writing and understanding queries against security event data

  • AWS fundamentals: S3 (file hosting), Secrets Manager (credential storage)

  • Git: version control, PR workflow

Preferred Qualifications

  • falconpy (CrowdStrike Python SDK): our largest integration

  • STIX 2.x / TAXII 2.1: industry standard for threat intel sharing

  • EDL (External Dynamic List) pattern: Palo Alto, Zscaler, FortiGate

  • FastAPI or any async Python web framework

  • Sigma rule format: ties into detection rule deployment

  • Snowflake / Databricks: SQL-based detection engineering against data lakes

  • Threat intelligence domain knowledge: IOC types, predictions, blocklists, what SOC teams need

  • Experience at a security vendor (SOAR, TIP, SIEM, or MDR) building platform integrations

  • Vendor partner program experience (CrowdStrike Marketplace, Splunk Apps, Palo Alto Cortex Xpanse)

Interview Process

  • Silver Screening interview.

  • Silver Technical Interview.

  • Client Behavioral Interview.

  • Client Technical Interview.
