Note: The job is a remote job and is open to candidates in USA. The Hacking Games is a well-funded company seeking a Chain-Platform Engineer to contribute to their Adversary Chain Engine (ACE) platform. The role involves designing and refining detection rules, extending the estate model, and developing stateful correlation engines to enhance security detection capabilities.
Responsibilities
- Grow the current rule manifest into a declarative chain manifest that carries the whole graph: the steps, how they connect, the timing and cross-silo joins, and the detection leaves each step compiles to
- Refine per-stack leaf translators for Splunk SPL, Sentinel KQL, CrowdStrike and Defender. One generator per dialect, all reading a single chain-step representation
- Extend the estate model from a static tool inventory to a rule inventory keyed against each customer's actually deployed content
- Tighten the gap report so a customer downloads a coherent, manifest-bound bundle, not a zip of disconnected rules
- A stateful correlator that consumes evidence events from customer SIEMs and scores how strongly the live evidence supports each chain
- A lean evidence return channel: HTTPS ingest, schema validation, and resolution back to the manifest
- Per-tenant isolation across the Postgres schema and artefact store
- Enhance the statefulness to interpret real time status and infer next steps
Skills
- Strong Python. Comfortable with async, ORMs, schema migrations and FastAPI in production
- TypeScript and React to the level of 'can ship a polished modal without supervision'
- Detection engineering grounding. SIGMA and YARA in your day to day, MITRE ATT&CK and D3FEND as a working reference, and fluency in at least one SIEM dialect (SPL or KQL)
- Pragmatic about LLMs. You have used Claude Code or an equivalent to move at multiples of unaided speed, and you know when to trust the model, how to maintain architectural integrity within the tactical limits of Claude Code, and when to write the spec
- Ideally built or operated detection content in a SOC, a vendor, or a red team
- Fluency across several SIEM and EDR query languages, not just one
- Experience building correlation engines, streaming pipelines, or stateful event processors
- Red team tooling or adversary emulation (Atomic Red Team, Caldera, Stratus)
- Shipped a developer tool or security platform from MVP to first paying customer
Company Overview