This website uses cookies to ensure you get the best experience.

TryHackMe and our selected partners use cookies and similar technologies (together “cookies”) that are necessary to present this website, and to ensure you get the best experience of it. If you consent to it, we will also use cookies for analytics purposes.

See our Cookie Policy to read more about the cookies we set.

You can withdraw and manage your consent at any time, by clicking “Manage cookies” at the bottom of each website page.

Select which cookies you accept

On this site, we always set cookies that are strictly necessary, meaning they are necessary for the site to function properly.

If you consent to it, we will also set other types of cookies. You can provide or withdraw your consent to the different types of cookies using the toggles below. You can change or withdraw your consent at any time, by clicking the link “Manage Cookies”, which is always available at the bottom of the site.

To learn more about what the different types of cookies do, how your data is used when they are set etc, see our Cookie Policy.

These cookies are necessary to make the site work properly, and are always set when you visit the site.

Vendors Teamtailor

These cookies collect information to help us understand how the site is being used.

Vendors Teamtailor
Skip to main content
TryHackMe career site
Remote-HQ · Fully Remote

Founding Engineer - Ruleforge

Ruleforge (Detection Engineering Startup backed by TryHackMe)

SOC teams everywhere are drowning in noise. They’re buried in alerts, chasing false positives, and wasting precious time that should be spent stopping real attackers. The biggest choke point? Detection rules. Done badly, they kill efficiency. Done well, they unlock SOCs to focus on threats that matter.

We’re building Ruleforge to fix this problem — and we’re looking for a Founding Engineer to help us make it happen. Backed by TryHackMe (900+ companies, 5M+ users), you’ll be building with brand, distribution, and credibility from day one.

Why this is different

  • Be the first – You won’t be engineer #27, you’ll be the engineer that writes the first lines of code and shapes the entire technical DNA.

  • Speed & intensity – We’ll be shipping constantly, validating with real SOC teams, and iterating daily.

  • Unfair advantage – TryHackMe already reaches millions of practitioners and hundreds of companies. Ruleforge will be built for them, with them.

What’s in it for you

  • Equity & ownership – A real stake in building something from zero.

  • Technical leadership – Autonomy to choose the stack, set the standards, and grow into CTO if you want it.

  • Career-defining challenge – You’ll be part of a founding team solving one of security’s hardest problems.

  • Backed but independent – Build fast with the support of a profitable global company behind you.

What you’ll do

  • Product Development: Build, test, and deploy the MVP, ensuring it solves core customer problems.

  • Technical Ownership: Make decisions on languages, frameworks, infrastructure, and architecture.

  • Iteration & Validation: Ship fast, learn from customer feedback, and continuously improve.

  • Leadership & Culture: Help shape Ruleforge’s engineering culture and technical direction.

Who we’re looking for

  • All-in builder – You thrive in messy, ambiguous environments and want to create from scratch.

  • Proven engineer – Strong full-stack and infrastructure fundamentals (Python/Go/Node; AWS/GCP/Azure; distributed systems).

  • 0→1 experience – You’ve shipped real products, ideally in a startup or high-pressure environment.

  • Security curious – Exposure to SIEMs, detection rules, or SOC workflows is a plus (but not required).

  • Customer-minded – Comfortable engaging with users, and translating feedback into technical solutions.

  • Founder pace – Ready to work harder than you’ve ever worked before — with the upside to match.

What the journey looks like

  • Short term – Build and ship the MVP, get it into SOC teams’ hands, and iterate fast.

  • Mid term – Scale the product, bring in the next wave of engineers, and shape our engineering culture.

  • Long term – Define the technical vision as Ruleforge becomes the detection backbone for SOCs everywhere.

Why now

SOC teams need help — attackers are moving faster, analysts are burning out, and the current tools aren’t keeping up. With our reach, brand, and conviction, this is a once-in-a-lifetime shot to build something that truly changes how defenders work.

You’ll get equity, autonomy, and the chance to be the engineer who shapes a company from day one — backed by one of the fastest-growing cybersecurity training companies in the world.

Locations
Remote-HQ
Remote status
Fully Remote
Employment type
Full-time
Picture of Daryl Benson
Contact Daryl Benson Global Talent Acquisition Lead – People & Operations

Live jobs

More jobs

About TryHackMe

TryHackMe takes the pain out of learning and teaching cyber security. Our platform makes it a comfortable experience to learn by designing prebuilt courses that include virtual machines (VM) hosted in the cloud and ready to be deployed. This avoids the hassle of downloading and configuring VMs. Our platform is perfect for CTFs, Workshops, Assessments, or Training. We've come a long way since launching in 2018, with over six million users on the platform!

Founded in 2018
Co-workers 150+
Remote-HQ · Fully Remote

Founding Engineer - Ruleforge

Loading application form

Already working at TryHackMe?

Let’s recruit together and find your next colleague.

Applicant tracking system by Teamtailor