AI SOC Engineer

Accepting applications

ByLabs · San Francisco Bay Area

Full-Time · Associate · AI · Python · SOC
Posted: 11 Jun
Category: Design
Experience: Associate
Country: United States
About the Role
We are looking for an AI SOC Engineer who combines deep offensive/defensive security expertise with hands-on AI engineering skills. You will be the core builder of our “Security Brain” — leveraging LLMs and AI agents to automate detection rule generation, suppress alert noise, and drive fully automated security operations. Using AI to fight AI, you will help Bybit’s SOC stay ahead of increasingly sophisticated, AI-powered adversaries.


Key Responsibilities
Use LLMs and AI tools to automate generation, testing, and continuous optimization of SIEM/EDR/NDR detection rules based on threat intelligence and ATT&CK TTPs
Build a full detection rule lifecycle management system: auto-generate → validate → deploy → evaluate → iterate
Design and implement AI/ML-based alert triage, prioritization, and false-positive suppression models to continuously reduce MTTD/MTTR
Build AI Agent-driven alert automation pipelines: triage → context enrichment → automated verdict → response recommendation
Architect the “Security Brain”: integrate threat intelligence, attack graphs, asset context, and behavioral baselines into a unified knowledge graph
Research and deploy AI SOC platform capabilities: automated threat hunting, AI-assisted incident investigation, and natural language security query (SecOps Copilot)
Design detection scenarios from an attacker’s perspective, ensuring coverage of real APT TTPs (including Lazarus and other crypto-industry threat actors)
Research AI-assisted attack techniques (AI-generated payloads, automated reconnaissance, LLM-assisted social engineering) and proactively build corresponding detection capabilities
Track AI SOC frontier research (LLM for Security, AI Agent for SOC, Agentic Security Operations) and drive internal adoption

Major Requirements
3+ years of SOC/security operations or penetration testing experience with deep understanding of attack chains and defensive architectures
Proficient in major SIEM platforms (Splunk, Elastic etc.) and detection rule languages (SPL, KQL, Sigma)
Familiar with MITRE ATT&CK framework; able to map TTPs and design corresponding detection scenarios
Hands-on experience in alert investigation, incident response, or threat hunting
Strong Python engineering skills; able to independently develop AI-assisted security tools and automation scripts
Familiar with LLM application development (Prompt Engineering, RAG, Function Calling, AI Agent frameworks such as LangChain/AutoGen)
Practical experience applying AI/ML models to security use cases (alert classification, anomaly detection, NLP log analysis)
(Bonus) Experience designing or building AI SOC products or platforms (AI SOAR, SecOps Copilot, automated playbooks)
(Bonus) Familiarity with knowledge graphs and graph databases (Neo4j, etc.) in security contexts
(Bonus) Web3 / cryptocurrency security background (on-chain attack detection, exchange security operations)
(Bonus) Security certifications (OSCP, GCIA, GCIH, GREM) or public research contributions (CVE, conference talks, open-source tools)