Detection Engineer
Recent advancements in underlying technology have finally made it possible for AI to impact clinical care in a meaningful way. Tempus' proprietary platform connects an entire ecosystem of real-world evidence to deliver real-time, actionable insights to physicians, providing critical information about the right treatments for the right patients, at the right time.
With a mission to use data and AI to power precision medicine and improve patient care, our teams blend deep healthcare expertise with modern product development practices. Tempus products are owned and developed by small, autonomous teams made up of software engineers, designers, scientists, and product managers. These teams set goals, build the software, deploy the code, and contribute to a growing platform that is transforming healthcare.
The Security Operations Center is building the data foundation for threat detection: reliable pipelines that land security events in our SIEM platform. This is a software engineering role inside security: you will build in Python, integrate APIs, and test your work, with mentorship on SIEM usage, detection logic, and alert quality. Over time, you will help us grow agentic SOC workflows (AI-assisted triage, enrichment, and detection support) with human-in-the-loop guardrails, adding automation only when the data and evidence justify it, not on a hype-driven timeline.
Responsibilities:
- Build and maintain log ingestion pipelines that collect security events from internal and third-party sources and deliver them to our SIEM platform.
- Normalize and forward events using existing patterns for batching, sizing, and failure handling.
- Build tests and fix bugs using mocked APIs and team CI standards (lint, format, coverage).
- Operate pipelines reliably: monitor failures, tune ingestion windows and rate limits, and document configuration.
- Support detection engineering with guidance: validate that new data is queryable in the SIEM; assist with simple parser or field fixes; learn how detections map to adversary behavior.
- Help manage and improve our detection-as-code pipeline: versioned detection content in git, automated checks in CI, and review before changes reach production.
- Participate in code review.
Agentic SOC (incremental; human-in-the-loop):
- Build with agentic coding tools (e.g. Claude Code, Cursor) as part of daily development: direct, review, and test what you ship; do not rely on typing every line from scratch.
- Contribute incrementally to agentic workflows: enrichment scripts, structured handoffs into SOAR automations, and evaluation of AI-assisted summaries or drafts in non-production or human-reviewed paths before any autonomous response.
- Validate changes on historical data before production trust: rules, parsers, and automation earn approval through evidence, simulation or shadow mode, and defined rollback paths.
- Assist in building and maintaining SOAR automations (enrichment, triage steps, and documentation, with review before production changes).
Requirements:
- Comfortable building Python: APIs and JSON, basic error handling, and tests in a managed project (Poetry or similar).
- Ability to integrate systems via APIs: OAuth or API keys, retries, and handling partial failures.
- Testing discipline: unit tests, readable failures, and fixing regressions you introduce before merge.
- Git and collaborative development: small, reviewable changes with clear descriptions of risk and rollout.
- Temperament for long-horizon work: you can focus on incremental pipeline quality while understanding it enables agentic SOC capabilities over time, not instead of them.
- Strong problem-solving skills and curiosity about security operations; willingness to learn detection concepts with mentorship.
Bonus points for:
- Experience with scheduled jobs or Docker.
- Hands-on SIEM exposure from coursework, CTFs, labs, or internships (e.g. Splunk, Google SecOps, Microsoft Sentinel).
- Can navigate cloud primitives on GCP, Azure, or AWS (S3/GCS/Blob, Key Vault/Secret Manager/Secrets Manager, IAM roles and service principals).
- Experience with infrastructure as code (e.g. Terraform).
- Strong understanding of IAM principles in GCP (least privilege, service accounts, workload identity, and role bindings).
Chicago Base salary: $100,000-$140,000
The expected salary range above is applicable if the role is performed from Illinois and may vary for other locations (California, Colorado, New York). Actual salary may vary based on qualifications and experience. Tempus offers a full range of benefits, which may include incentive compensation, restricted stock units, medical and other benefits depending on the position.
We are an equal opportunity employer. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.