About the Role

This role will play a key part in transforming our integration landscape to meet the demands of a modern, secure, and scalable architecture.

The ideal candidate will balance hands-on technical expertise with strong architectural and communication skills. You'll collaborate across global teams to ensure solutions meet business needs, align with enterprise architecture standards, and are delivered with precision, quality, and resilience.

Key Responsibilities

- Maintain and improve existing integration connectors (CrowdStrike, Sentinel, Palo Alto, Fortinet, etc.) across v1 and v2
- Build new vendor connectors as customer demand requires: handle auth flows, data formatting, batching, error handling, and rate limiting
- Potentially port from Flask to FastAPI as the platform migration progresses
- Implement the detection rule deployment pipeline: push Sigma-generated rules to SIEMs in monitor/block mode via vendor APIs
- Build inbound event ingestion: pull security events from customer SIEMs into Augur for correlation and enrichment
- Own the credential management system: secure storage, rotation, and validation of customer API keys and OAuth tokens
- Build and maintain bulk feed exports: STIX/TAXII, EDL, CSV, and custom formats hosted on S3
- Design job scheduling and monitoring: Celery tasks with retry logic, error alerting, sync status tracking
- Support data lake integrations (Snowflake, Databricks): generate and deploy SQL-based detections against customer schemas
- Troubleshoot customer integration issues: debug sync failures, credential problems, data format mismatches
- Write integration tests and maintain connector health checks

Required Skills & Experience

- Python: 3+ years, this is 90% of the work
- REST API integration: consuming third-party APIs, OAuth2/API key auth, pagination, rate limiting, and retry with backoff
- SIEM/EDR platforms: hands-on experience with at least 2-3 of CrowdStrike Falcon, Splunk, Microsoft Sentinel, Palo Alto, Fortinet, Zscaler
- Background job systems: Celery, RQ, or equivalent (scheduling, error handling, dead letter queues)
- Data serialization: JSON, CSV, XML; comfortable transforming between vendor-specific formats
- SQL: writing and understanding queries against security event data
- AWS fundamentals: S3 (file hosting), Secrets Manager (credential storage)
- Git: version control, PR workflow

Preferred Qualifications

- falconpy (CrowdStrike Python SDK): our largest integration
- STIX 2.x / TAXII 2.1: industry standard for threat intel sharing
- EDL (External Dynamic List) pattern: Palo Alto, Zscaler, FortiGate
- FastAPI or any async Python web framework
- Sigma rule format: ties into detection rule deployment
- Snowflake / Databricks: SQL-based detection engineering against data lakes
- Threat intelligence domain knowledge: IOC types, predictions, blocklists, what SOC teams need
- Experience at a security vendor (SOAR, TIP, SIEM, or MDR) building platform integrations
- Vendor partner program experience (CrowdStrike Marketplace, Splunk Apps, Palo Alto Cortex XPANSE)

Interview Process

- Silver Screening interview.
- Silver Technical Interview.
- Client Behavioral Interview.
- Client Technical Interview.