Detection Lab Architect

Work from home Full-time role Hiring

Team: Customer Success

Reports to: VP, Customer Success

Candidates must be US citizens or green card holders.

Who We Are

Gravwell is a full-stack security and observability platform built for people who need answers from their data—fast. Whether you're hunting threats, investigating incidents, or managing logs, Gravwell gives you the tools and performance to stay ahead. We're on a mission to simplify the SIEM experience without sacrificing power or flexibility.

What You’ll Do

As a Detection Lab Architect, you’ll shape the future of Gravwell content by running the testing infrastructure that powers our detection kits. You’ll design the frameworks that validate detections, research and integrate new log sources, and ensure kits align with modern detection engineering practices. You’ll be part builder, part researcher, and part strategist—bridging the gap between raw log data and actionable detections.

Your Responsibilities

  • Own and operate the Gravwell detection lab infrastructure, ensuring high-fidelity log generation and testing environments.

  • Design and evolve the architecture of Gravwell detection kits, including schema alignment, enrichment workflows, and deployment strategies.

  • Research, acquire, and integrate new log sources to expand Gravwell’s detection coverage in an automated and reproducible manner.

  • Build and maintain reusable testing pipelines for validating detection content at scale.

  • Collaborate with Customer Success, Product, and Engineering teams to scope and deliver professional services projects.

  • Develop and document methodologies for kit testing, content validation, and detection lifecycle management.

  • Deploy and manage VMs, containers and applications utilizing Terraform and Ansible.

  • Act as a subject-matter expert on log source diversity, kit architecture, and detection engineering best practices.

  • Support developers and customer service in triage, bug hunting, and issue reproduction.

What We’re Looking For

  • 4–7+ years of experience in detection engineering, SIEM content development, or security research.

  • Deep familiarity with log data from common enterprise and cloud technologies (Windows, Linux, authentication systems, cloud platforms, security tools).

  • Strong understanding of tools and frameworks such as MITRE ATT&CK, Sigma, or OCSF.

  • Experience with building or managing test labs and log generation pipelines.

  • Solid Linux administration skills, including networking, system services, and automation.

  • Strong problem-solving skills and the ability to translate ambiguous requirements into structured detection content.

  • Excellent communication and documentation abilities—you can explain complex log behavior clearly.

Nice to Have

  • Experience with Gravwell or other SIEM platforms (e.g., Splunk, Elastic, QRadar, Sentinel).

  • Background in kit or content lifecycle management (from design through validation and deployment).

  • Familiarity with enrichment techniques, schema normalization, and risk-based analytics.

  • Knowledge of detection efficacy measurement and false-positive reduction strategies.

  • Contributions to open-source detection frameworks, rule repositories, or security research.

Why Gravwell?

  • Work on a high-impact platform with real-world security and observability challenges.

  • Build tools that help teams detect and respond to threats faster.

  • Autonomy to design and run your own lab—small team, big ownership.

  • Fully remote and flexible work environment with minimal red tape.

  • Collaborate with passionate engineers and practitioners who care about clarity, scale, and real-world efficacy.

  • Help redefine how detection engineering is practiced across modern environments.

Compensation

Base Salary: $150,000 – $220,000

Don’t meet every single requirement? That’s okay. We believe great teammates can learn new skills. If you bring curiosity, a strong work ethic, and a collaborative mindset, we can teach the rest. Gravwell is built by people who love solving problems together—we’d love to meet you.

Remote Position (United States)

Gravwell provides our employees with the flexibility to be creative and successful no matter where they are located. We have a flexible approach to work, meaning you can work from home, regardless of where you live within the United States. Gravwell provides flexible benefits and a collaborative work environment.

Equal Opportunity Employer

Gravwell is an Equal Opportunity Employer. All applicants will be considered for employment without attention to race, color, religion, sexual orientation, gender identity, national origin, veteran or disability status. Gravwell is a progressive and open-minded workplace where we do not tolerate discrimination of any kind. 
