The Hacking Games
Chain-Platform Engineer

Adversary Chain Engine (ACE)
THG Ventures
Location: UK, or remote across compatible time zones.
Reports to: Chief Product Officer (CPO) alongside AI Architecture Lead and Black team Lead.
Stage
The company is well-funded. The platform runs end to end in private use with existing Chains.
About ASE
ASE is a chain-native detection platform. It captures adversary attack chains as structured graphs, maps them against a customer's detection estate, and ships the rules their existing SIEM and EDR are missing.
Chains are live and the platform runs end to end. The next two quarters take the product from its design-partner stage into full chain runtime. You would be the third engineer on the platform, reporting directly to the CPO.
What you will work on
Stage 1, Chain Design
- Grow the current rule manifest into a declarative chain manifest that carries the whole graph: the steps, how they connect, the timing and cross-silo joins, and the detection leaves each step compiles to.
- Refine per-stack leaf translators for Splunk SPL, Sentinel KQL, CrowdStrike and Defender. One generator per dialect, all reading a single chain-step representation.
- Extend the estate model from a static tool inventory to a rule inventory keyed against each customer's actually deployed content.
- Tighten the gap report so a customer downloads a coherent, manifest-bound bundle, not a zip of disconnected rules.
Stage 2, Chain Runtime
With the founder and the first design-partner SOCs:
- A stateful correlator that consumes evidence events from customer SIEMs and scores how strongly the live evidence supports each chain.
- A lean evidence return channel: HTTPS ingest, schema validation, and resolution back to the manifest.
- Per-tenant isolation across the Postgres schema and artefact store.
- Enhance the statefulness to interpret real-time status and infer next steps.
The parts that make the correlation and confidence model work are the ones we do not put in a public post. We walk through them at interview.
Stack
- Backend: Python 3.12, FastAPI, SQLAlchemy 2.0 async, Alembic, Postgres 16, S3/R2 for artefacts.
- Frontend: React 18, TypeScript, Vite.
- LLM: AI-assisted coding, server-sent events for streaming generation.
- Dev: Docker Compose locally, GitHub for source, Claude Code as the daily driver.
What you must have
- Strong Python. Comfortable with async, ORMs, schema migrations and FastAPI in production.
- TypeScript and React to the level of “can ship a polished modal without supervision”.
- Detection engineering grounding. SIGMA and YARA in your day to day, MITRE ATT&CK and D3FEND as a working reference, and fluency in at least one SIEM dialect (SPL or KQL).
- Pragmatic about LLMs. You have used Claude Code or an equivalent to move at multiples of unaided speed, and you know when to trust the model, how to maintain architectural integrity within the tactical limits of Claude Code, and when to write the spec.
- Ideally built or operated detection content in a SOC, a vendor, or a red team.


What earns you the offer
- Fluency across several SIEM and EDR query languages, not just one.
- Experience building correlation engines, streaming pipelines, or stateful event processors.
- Red team tooling or adversary emulation (Atomic Red Team, Caldera, Stratus).
- Shipped a developer tool or security platform from MVP to first paying customer.
What you will not be doing
- Wrestling with Kubernetes. The platform runs on Docker Compose today and moves to a managed PaaS next.
- Building another SIEM. ASE sits above the SIEM, it does not replace it.
- Writing rule packs to throw over the wall. Every rule we ship is wrapped in the chain manifest that explains why it matters.
Terms
- Full time.
- Direct line to the founders. First users are the design-partner SOCs.
- Expected ramp: production contribution by week three, first manifest-bound release inside two months.
Apply
Send a CV, a paragraph on the most interesting detection or correlation system you have built, and a link to something public or a GitHub repo we can read. hr@thg-v.com