Tenzir is building an open-core security data pipeline for the AI era. We empower defenders to collect, shape, and route security telemetry at scale. Our stack relies on C++23/26 and Apache Arrow for the core engine, with a modern TypeScript platform layer.
We are hiring for 4 key technical roles to join our distributed team (HQ in Hamburg):
- Software Engineer (Core Engine): Systems programming with C++23/26. Work on our pipeline language, query execution, database integrations, and streaming data processing with Apache Arrow.
- Software Engineer (Product): Full-stack TypeScript/Python focus. Build the control plane, platform APIs, and developer tools, AI workflows, and anything else that makes our engine accessible.
- Account Executive: Our first dedicated AE to own the full enterprise sales cycle. You'll work with complex deals in security and data infrastructure.
- Solutions Engineer: Lead POCs and post-sales implementation. You'll be the hands-on engineer ensuring customers succeed with complex data pipelines.
We are a remote-first team across European timezones. If you like solving hard data problems, we'd love to hear from you.
For deploying Claude Code as agent, Cloudflare is also an interesting option.
I needed a way to run Claude marketplace agents via Discord. Problem: agents can execute code, hit APIs, touch the filesystem—the dangerous stuff. Can't do that in a Worker's 30s timeout.
Solution: Worker handles Discord protocol (signature verification, deferred response) and queues the task. Cloudflare Sandbox picks it up with a 15min timeout and runs claude --agent plugin:agent in an isolated container. Discord threads store history, so everything stays stateless. Hono for routing.
This was surprisingly little glue. And the Cloudflare MCP made it a breeze do debug (instead of headbanging against the dashboard). Still working on getting E2E latency down.
Tenzir is hiring several key engineering roles to meet the needs in expanding the team. Our product: security data pipelines. From the data side, think of it as an Arrow-native, multi-schema ETL tool that offers optional storage in Parquet/Feather. From the security perspective, think of it as a solution for collecting, parsing, transforming, aggregating, and routing data. We typically sit between the data sources (endpoint, network, cloud) and sinks (SIEM, data lake).
Our open-source execution engine is C++20, our platform is SvelteKit and TypeScript. Experience with data-first frontend apps is a great plus. Open positions at https://tenzir.jobs.personio.de:
- Senior C++ Engineer
- (SecOps) Solution Engineer
We are based out of Hamburg, Germany, and hire across EU time zones, stretching all the way to India.
We see this trend as well. And AWS Security Lake goes exactly there.
Right now, we‘re working on OCSF normalization in our pipelines to drop structured security telemetry in the right format where you need it. Like a security ETL layer.
We considered ClickHouse and DuckDB but struggled with making the execution engine multi-schema, e.g., more jq-like but still on top of data frames. So we started with a custom catalog and engine on top of Parquet and Feather that we will later factor into a plugin to transpile our query language (TQL) to SQL. The custom language because security people are not data engineers.
We're building something similar at Tenzir, but more for operational security workloads. https://docs.tenzir.com
Differences to Vector:
- An agent has optional indexed storage, so you can store your data there and pick it up later. The storage is based on Apache Feather, Parquet's little brother.
- Pipelines operators both work with data frames (Arrow record batches) or chunks of bytes.
- Structured pipelines are multi-schema, i.e., a single pipeline can process streams of record batches with different schemas.
Tenzir is hiring several key engineering roles to meet the needs in expanding the team. Our product: security data pipelines. From the data side, think of it as an Arrow-native, multi-schema ETL tool that offers optional storage in Parquet/Feather. From the security perspective, think of it as a solution for collecting, parsing, transforming, aggregating, and routing data. We typically sit between the data sources (endpoint, network, cloud) and sinks (SIEM, data lake).
Also a pipeline language, PRQL-inspired, but differing in that (i) TQL supports multiple data types between operators, both unstructured blocks of bytes and structured data frames as Arrow record batches, (ii) TQL is multi-schema, i.e., a single pipeline can have different "tables", as if you're processing semi-structured JSON, and (iii) TQL has support for batch and stream processing, with a light-weight indexed storage layer on top of Parquet/Feather files for historical workloads and a streaming executor.
We're in the middle of getting TQL v2 [@] out of the door with support for expressions and more advanced control flow, e.g., match-case statements. There's a blog post [#] about the core design of the engine as well.
While it's a general-purpose ETL tool, we're targeting primary operational security use case where people today use Splunk, Sentinel/ADX, Elastic, etc. So some operators are very security'ish, like Sigma, YARA, or Velociraptor.
Tenzir is hiring several key engineering roles to meet the needs in expanding the team. Our product: security data pipelines. From the data side, think of it as an Arrow-native, multi-schema ETL tool that offers optional storage in Parquet/Feather. From the security perspective, think of it as a solution for collecting, parsing, transforming, aggregating, and routing data. We typically sit between the data sources (endpoint, network, cloud) and sinks (SIEM, data lake).
Our open-source execution engine is C++20, our platform is SvelteKit and TypeScript. Experience with data-first frontend apps is a great plus.
Since I've just switched from buggy Claude Code to pi, I created an extension for it: https://github.com/mavam/pi-mcporter.
There are still a few OAuth quirks, but it works well.
reply