Canoo Technologies Inc.

Sr. Engineer - Digital Forensics and Threat Hunting

Information Technology
Full Time
Location : Location
Additional Locations
US-AR-Bentonville | US-OK | US-OK-Tulsa

About Canoo

Canoo’s mission is to bring EVs to Everyone and build a world-class team to deploy this sustainable mobility revolution. We have developed breakthrough electric vehicles that are reinventing the automotive landscape with pioneering technologies, award-winning designs, and a unique business model that spans all owners in the full lifecycle of the vehicle. Canoo is starting production in 2022 and is distinguished by its pioneering and experienced team of technologists, engineers, and designers. With offices around the country, the company is scaling quickly and seeking candidates who love to challenge themselves, are motivated by purpose, and possess a strong desire to get things done. 


Canoo’s success is the direct result of our disciplined application of our core operating principles and drills, which are based on three main principles: Think 80/20 (“Important versus less important”), Act 30/30 (“Reduce waste and increase output”), and Live 90/10 (“We have each other’s back”). We hire based on “MET” - Mindset, Equipment and willingness to Train - and seek individuals that take accountability and deliver results being Humble, Hungry to succeed, and Hunting for opportunities to win. We train our team to engage with each other by modulating between their intellect (iQ) and emotional intelligence (eQ) applying Facts, Finesse, and Force when they communicate. The principles and drills of the CANOO Way have been fundamental to our success, our ability to grow, continuously improve, innovate and are at the core of our day-to-day operations. 



As a Threat Detection Engineer and Threat Hunter on our Security Operations Team, you will be responsible for helping to design, build, and deliver major components of Canoo’s incident response and threat hunting strategy. Primary duties will focus on finding evidence of threats or suspicious behavior and leveraging data to improve controls and processes. This individual will participate in developing and deploying detections in various SIEM and EDR platforms as well as working on security automation. This role requires a blend of investigative, analytical, security, and technical skills. 


Responsibilities (80s of the Position) 

  • Proactively hunt through cloud/endpoint/networks logs to detect and isolate advanced threats within Canoo.
  • Implement live forensics “triage” analysis and process for adverse endpoint events, suspected insider events and provide eDiscovery assistance as needed.
  • Examine, review and present artifacts and timelines of suspected malicious activity.
  • Identify, contain, mitigate, recover, and report on cyber-security incidents affecting the enterprise and business.
  • Partner with team to implement detections where required to identify defensive gaps and prioritize mitigations.
  • Collaborate with IT and Cyber to improve or evaluate available toolsets and close deficiencies in controls and automation where applicable.
  • Serve as an initial point of escalation for suspected incidents and intrusions.



Required Experience 

  • 4+ years of experience within Security Operations, Threat Intelligence or Cyber Incident Response in a technical capacity.
  • In depth understanding of the MITRE ATT&CK Framework and Cyber Kill Chain methodologies.
  • Hands-on experience analyzing diverse tooling and log/data sources, such as: Cloud (AWS, Azure, GCP), DNS, Identity (OAuth, ADFS, Kerberos, etc.), Firewall, Endpoint (Windows and MacOS), etc.
  • Strong analytical skills and the ability to effectively research, write, communicate and brief to varying levels of audiences to include at the executive level.
  • Demonstrated proficiency with regular expression and scripting languages, including Bash and Powershell.




  • Demonstrated capability with endpoint detection and “live” response tools.
  • Familiarity with digital forensics applications and frameworks.
  • Prior experience in hands on or advisory IR related job functions.
  • Demonstrates individual growth mindset through professional development and certifications.
  • Familiarity with Python/JavaScript.
  • Proficiency with DFIR related open-source tools, memory, and full disk analysis.
  • Understanding of CI/CD tools and processes.

What's Cool About Working Here...

Consider applying even if you don’t meet all the requirements – Canoo hires for aptitude, skills and desire to learn and excel!


Travel Requirements


  • <5% may be required for travel depending on location, conferences, and training.


Physical Requirements for Non-Physical Positions


While performing the duties of this job, employees may be required to sit for prolonged periods of time, occasionally bending or stooping, lifting up to 10 pounds, and prolonged periods of computer use.


Reasonable Accommodations


Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of the position.


What's Cool About Working Here... 


  • Meaningful, challenging work that will redefine automotive landscape and make EVs available to everyone 
  • Comprehensive Health Insurance 
  • Equity Compensation
  • Flexible Paid Time Off
  • Casual workplace with an unbelievable feeling of energy


Canoo is an equal opportunity-affirmative action employer and considers all qualified applicants for employment based on business needs, job requirements and individual qualifications, without regard to race, color, religion, sex, age, disability, sexual orientation, gender identity or expression, marital status, past or present military service or any other status protected by the laws or regulations in the locations where we operate. 


Any unsolicited resumes or candidate profiles submitted in response to our job posting shall be considered the property of Canoo Inc. and its subsidiaries and are not subject to payment of referral or placement fees if any such candidate is later hired by Canoo unless you have a signed written agreement in place with us which covers the applicable job posting. 


Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
Share on your newsfeed