Threat Detection Engineer - Security Operations
$113.03k - $140kID.me
Job Description
Job Description
Company Overview
ID.me is the next-generation digital identity wallet that simplifies how individuals securely prove their identity online. Consumers can verify their identity with ID.me once and seamlessly login across websites without having to create a new login and verify their identity again. Over 152 million users experience streamlined login and identity verification with ID.me at 20 federal agencies, 45 state government agencies, and 70+ healthcare organizations. More than 600+ consumer brands use ID.me to verify communities and user segments to honor service and build more authentic relationships. ID.me's technology meets the federal standards for consumer authentication set by the Commerce Department and is approved as a NIST 800-63-3 IAL2 / AAL2 credential service provider by the Kantara Initiative. ID.me is committed to "No Identity Left Behind" to enable all people to have a secure digital identity. To learn more, visit
ID.me is a full-time, in-office culture. Unless a specific job description explicitly states otherwise, all roles are on-site five days per week at one of our offices in McLean, VA; Mountain View, CA; New York City, NY; or Tampa, FL. Certain roles — such as field-based sales or other remote-by-design positions — may have different work arrangements as noted in their individual postings.
At ID.me, we embrace the thoughtful use of AI tools in our daily work and there are even occasions where we leverage AI in our hiring process. However, during the interview process, we want to understand your individual skills and experiences. Therefore, we have guidelines on how AI can be appropriately used during your application and interviews which can be found here.
Role Summary
We are seeking a Threat Detection Engineer to join our security engineering and operations team. In this role, you will develop, test, and optimize high-fidelity detections across modern security data platforms, with a focus on security analytics, automation, and threat detection at scale. You will be expected to bring — and continuously develop — strong AI literacy: designing detection workflows that leverage large language models, anomaly detection, and agentic pipelines, while also understanding and defending against AI-specific attack surfaces.
You should be comfortable writing structured, reusable detection logic, working with infrastructure-as-code (IaC), and integrating behavioral and threat intelligence into detection strategies. You will collaborate closely with incident response, threat intel, and platform engineering teams to ensure resilient, high-quality coverage of modern threat scenarios across cloud and enterprise environments — including threats targeting and exploiting AI systems.
Key Responsibilities
- Design and implement detection logic across SIEM/SOAR platforms, including Splunk, Google Chronicle (SecOps), and Elastic/Logstash.
- Build scalable detection rules, analytics, and anomaly models to detect adversary TTPs aligned with MITRE ATT&CK.
- Develop and maintain detection-as-code using Python and YAML-based rule formats (e.g., Sigma, YARA-L, Kusto, or Lucene).
- Design and evaluate LLM-assisted detection and triage workflows, including prompt engineering for alert enrichment, summarization, and classification.
- Build and maintain AI-augmented detection pipelines: anomaly scoring, embedding-based similarity search, natural language parsing for phishing and social engineering detection, and LLM-based log analysis.
- Apply AI security literacy to identify and detect risks in AI-integrated environments, including prompt injection, model abuse, data exfiltration via LLMs, and shadow AI usage.
- Perform quality assurance and validation of alerts — including AI-generated signals — to minimize false positives and increase signal fidelity.
- Leverage Snowflake and SQL to normalize and query large datasets across multiple telemetry sources, including AI system logs and API call records.
- Contribute to infrastructure-as-code workflows for detection deployment (e.g., Terraform, GitOps pipelines).
- Collaborate with Threat Intelligence and IR teams to translate threat actor TTPs — including those targeting AI systems — into actionable detections.
- Participate in detection tuning, red/blue team exercises, and post-incident reviews, including adversarial testing of AI-assisted detection logic.
- Maintain availability for 24x7 on-call rotation and ensure timely response to security incidents during standard EST business hours.
Required Qualifications
- 2-4 years in a security engineering or other relevant security operations role.
- Proficiency with Splunk, Elastic Stack, Google SecOps (Chronicle), and/or Logstash.
- Strong programming or scripting experience in Python and SQL.
- Working experience authoring detection logic using YARA-L, Sigma, or equivalent formats.
- Demonstrated AI literacy: hands-on experience using LLM APIs (e.g., OpenAI, Anthropic, Google Gemini) or AI/ML frameworks for security use cases, including prompt engineering, retrieval-augmented generation (RAG), or agentic workflows.
- Understanding of AI/ML concepts relevant to detection: anomaly detection, clustering, embedding models, LLM-based enrichment, and the limitations and failure modes of these approaches.
- Ability to assess and detect AI-specific threats: prompt injection, model inversion, training data poisoning, and LLM-facilitated social engineering.
- Experience working with cloud-scale security data and log management tools.
- Familiarity with MITRE ATT&CK, threat modeling, and behavioral-based detections.
- Knowledge of Infrastructure-as-Code (IaC) and version control systems (e.g., GitHub, Terraform, GitLab CI/CD).
Preferred Qualifications
- Industry security certifications such as GCIA, GCIH, GCFA, Security+, or AI/ML security credentials.
- Experience with Google Cloud Platform (GCP) and Google Kubernetes Engine (GKE), including GKE security posture management, audit logging, and cloud-native workload monitoring.
- Experience building or operating SOAR integrations with LLM-assisted triage or response recommendations.
- Hands-on experience with agentic AI frameworks (e.g., LangChain, LlamaIndex, or custom tool-use pipelines) applied to security automation.
- Familiarity with Snowflake's Security Data Lake or cloud-native log pipelines, including telemetry from AI platforms (e.g., OpenAI API logs, Azure AI services).
- Exposure to red team/blue team collaboration, threat hunting, or adversary emulation frameworks, with emphasis on AI-enabled attack scenarios.
- Experience red-teaming or evaluating LLM-based systems for security weaknesses.
- Contributions to open-source detection or AI security tooling projects.
Ideal Candidate Will Thrive In Our Culture:
- Demonstrates a strong passion for security and a commitment to protecting digital identities.
- Keeps pace with the rapidly evolving AI threat landscape and proactively translates emerging research into detection coverage.
- Adapts well to changing priorities and can shift gears quickly in a fast-paced environment.
- Exhibits excellent oral and written communication skills, including the ability to explain AI-driven detection decisions to non-technical stakeholders.
- Works well within a team, but is also self-driven and capable of managing tasks independently.
- Shows a continuous desire for learning and professional development, staying current with advances in both cybersecurity and applied AI.
Location:
Candidates must be located in the continental U.S. and able to work on-site in Mountain View, CA.
The annual base salary listed does not include a company bonus, incentive for sales roles, equity and benefits which will be determined based on experience, skills, education, relevant training, geographic location and role.
ID.me offers comprehensive medical, dental, vision, health savings account, flexible spending accounts (medical, limited purpose, dependent care, commuter benefit accounts), basic and voluntary life and AD&D insurance, 401(k) with company match, parental leave, ability to participate in unlimited paid time off subject to the terms and conditions of the PTO policy, including 8 company wide holidays, short and long-term disability insurance, accident and critical illness insurance, referral bonus policy, employee assistance program, pet insurance, travel assistant program, wellbeing and childcare discounts, benefit advocates, and a learning and development benefit.
Final offers may vary from the amount listed based on qualifications, professional experiences, skills, education, relevant training, geographic location, and other job related factors.
Mountain View, CA Pay Range
$113,033—$140,000 USD
ID.me maintains a work environment free from discrimination, where employees are treated with dignity and respect. All ID.me employees share in the responsibility for fulfilling our commitment to equal employment opportunity. ID.me does not discriminate against any employee or applicant on the basis of age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. ID.me adheres to these principles in all aspects of employment, including recruitment, hiring, training, compensation, promotion, benefits, social and recreational programs, and discipline. In addition, ID.me's policy is to provide reasonable accommodation to qualified employees who have protected disabilities to the extent required by applicable laws, regulations and ordinances where a particular employee works. Upon request we will provide you with more information about such accommodations.
Please review our Privacy Policy, including our CCPA policy, at id.me/privacy. If you provide ID.me with any personally identifiable information you confirm that you have read and agree to be bound by the terms and conditions set out in our Privacy Policy.
ID.me participates in E-Verify.
$230.1k - $325.3k
...delivering AI and ML‑powered threat intelligence, threat detection, protections, and threat... ...incident responders, and engineers to protect organizations... ...to accelerate AI‑driven security innovation, we are... ...innovation while balancing operational excellence and scalability...OperationsTemporary workRemote work- ...reports to the Cyber Security Manager and is responsible... ...and analyzing threat feeds in order to assist... ...business projects, and IT engineering in regards to security... ...firewalls, intrusion detection/protection and related... ...working with a Security Operation Center Experience in...Operations
- ...Chief Information Security Officer Full-time Regular... ..., customer data, and operational resilience while... ...cloud platforms, and engineering workflows. Lead security... ...response program, including detection, escalation,... ...continuous monitoring, threat intelligence integration...OperationsFull timeContract work
- ...analysis on digital systems, and supporting threat detection and response activities across... ...incident response, malware analysis, and security monitoring, and collaborate SOC... ..., incident response, or cybersecurity operations. Strong understanding of Windows, Linux...OperationsContract work
$137.2k - $196k
...agile, efficient, resilient, and secure. As an AI-forward enterprise,... ...to stay ahead of evolving threats. We believe in transparency... ...for an Information Security Engineer (Data Security) to join our team... ...governance, DSPM operations, and audit control evidence;...OperationsFull timeTemporary workWork at officeLocal areaRemote workShift work3 days per week- NICE is seeking a Senior Software Engineer for its Fraud Detection Platform located in Santa Clara, California. The successful candidate will maintain... ...using both modern and legacy Java stacks while ensuring security and stability. Your responsibilities include diagnosing...
$127.6k - $206.53k
...outcomes. Job Summary The Team Information Security - We’re not your ordinary Information... ...Job Summary As a Staff Network Security Engineer on our Enterprise Security team, you... ...Infrastructure‑as‑Code (IaC) to streamline security operations and ensure consistent control...OperationsFull timeWork at officeVisa sponsorshipWork visa$165k - $242k
...You'll Do: The Enterprise Security team at CoreWeave is responsible... ...Role: As a Senior Security Engineer, Enterprise Security , you'... ...Design, implement, and operate workforce identity solutions... ...SaaS posture). Partner on detection, response, and governance...OperationsPermanent employmentTemporary workFor contractorsCasual workWork at officeRemote workFlexible hours$208k - $260k
Gigamon, based in Santa Clara, CA, is seeking a Security Detection Engineer to enhance security solutions. The role entails designing security detections, collaborating across teams, and leveraging a broad technical background. Ideal candidates possess a Bachelor’s degree...- ...an experienced Software Development Engineer to join our AI Detection and Response Cloud team. In this role... ...cloud services for handling AI security events at scale. Your contributions... ...their fight against sophisticated AI threats. The ideal candidate should have over...Work at office
- ...scale, and intelligent automation define the future of operations. As a Senior Site Reliability Engineer, you will design and operate the platforms that... ...effective monitoring Leverage AI/ML to automate incident detection, root cause analysis, and remediation - reducing...OperationsVisa sponsorshipWork visa
$203.1k - $225.67k
...leader in AI‑powered data security and management. Aided... ...against cybersecurity threats with comprehensive... ...snapshots, AI‑based threat detection, monitoring for... ...Work effectively with Engineering, Vice‑President, Product... ...experience in computer operating systems, hardware architecture...Hourly payFull time$134k - $215.5k
Job Summary As a Senior Technical Marketing Engineer on the Cloud-Delivered Security Services (CDSS) team, you will serve as a primary technical authority and champion for our next‑generation threat detection and prevention services. Positioned at the core of our Precision...Visa sponsorshipWork visa- ...in-depth priorities for Corporate Security. This role oversees the Security Operations Center (SOC), Corporate IT... ...high-fidelity monitoring and rapid threat response across all corporate environments... ...and the development of custom detection logic for SIEM and EDR platforms....OperationsFull timeFor contractors
- ...Trinnex is seeking a Senior Cyber Security Analyst to join their Security Team in San Jose, California. This role involves protecting... ...and increasing the organization's security posture through advanced threat detection and collaboration across teams. #J-18808-Ljbffr...
- ...for an outstanding Senior Software Engineer to work on our security team focused on securing at scale... ...evolve security systems, policies, and operational practices that protect critical... ...technologies and AI‑based threat detection (e.g.; Mythos) BS in Computer Science...
- Proofpoint is seeking an experienced Product Manager for its Threat Protection Group in Sunnyvale, California. This role involves defining product strategy and collaborating with various teams to deliver effective cybersecurity solutions. The ideal candidate has 3-5 years...Flexible hours
- Product Manager, Threat Protection Group We are seeking a driven... ...to address evolving security threats. Key Responsibilities... ...analysis. Collaborate with engineering, design, sales, and marketing... ...cybersecurity concepts (e.g., threat detection, SOC operations, identity & access...OperationsFlexible hours
$200k - $225k
Palo Alto Networks, Inc. is looking for a Senior Engineer to design and build distributed backend services for their Prisma Access... ...working with cutting-edge technologies to optimize cloud security operations and implementing machine learning concepts. With a minimum of...Operations$100k - $150k
...automate and optimize their operations. We leverage cutting-... ...to create scalable, secure, and user-friendly... ...Application Security Engineer to join our dynamic team... ...Responsibilities Conduct threat modeling and security... ...protection, and abuse-detection mechanisms. Design...OperationsFull timeH1bLocal areaImmediate startRemote workVisa sponsorshipWork visa$140k - $215k
...experienced Software Development Engineer to join our AI Detection and Response (AIDR) Cloud... ...processes millions of AI security events per second and... ...sophisticated AI‑based threats. Success Means Architect... ...engineering teams Drive operational excellence through rapid...Work experience placementWork at officeLocal areaWorldwide$170k - $255k
...your mark, come join us. THE ROLE As a Security Operations Engineer in the Global Information Security... ...as the primary architect for secrets detection within CI/CD pipelines . You will partner... ...efforts have eliminated critical threats. WHAT YOU BRING Security Engineering...OperationsWork at officeShift work- ...Services Senior Consultant specializing in AI for Detection and Response. In this role, you will manage the deployment and operational support of AI capabilities within the... ...to develop technical solutions that enhance security outcomes for clients. A collaborative approach...
$147k - $237.5k
Palo Alto Networks, Inc. is seeking a Principal Software Engineer in Santa Clara, California, to design and implement Threat Intelligence Services. The role involves working on the cloud-native malware detection platform, WildFire. Candidates should have extensive knowledge...$212k - $318.4k
...Inc. is seeking a Platform Architect - Security in Cupertino, California. This role involves... ...principles, platform security, and threat modeling. The position requires strong leadership... ...skills to collaborate with various engineering teams to enhance security while ensuring...$307k - $427k
...degree in Computer Science or Electrical Engineering, or equivalent practical experience. 15... ...Networking AI Principal Engineer for Network Security, you will provide strategic direction to... ...infrastructure and workloads, making threat containment critical. While AI and...Full time- ...contain cyberattacks and enable operational resilience. Powered by the Illumio AI Security Graph, our breach containment... ...platform identifies and contains threats across hybrid multi‑cloud... ...Headquarters. Our Team's Vision Our Engineering team is driven by a culture...Immediate start
- ..., and documentation of comprehensive IT security policies, standards, and procedures from... ...reflect organizational changes and emerging threats • Establish clear, enforceable... ...Lead and collaborate with IT, Security Operations, Risk Management, Compliance, and business...Operations
- ..., built-for-scale Managed Detection and Response (MDR) provider... ...posture through advanced threat detection, rapid response,... ...As a Head of Platform Engineering at TENEX, you will be a strategic... ...scalability, reliability, security, and operational excellence of the platform...Operations
- ...Chief Information Security Officer (CISO) About the Company Trusted provider &... ...global security strategy, leading security operations and governance, and ensuring... ...access management, cloud security, and threat detection, is essential, as is experience with security...Operations
Do you want to receive more vacancies?
Subscribe and receive similar vacancies to Threat Detection Engineer - Security Operations. Be the first to apply!
- business operations intern San Jose, CA
- vice president hotel operations San Jose, CA
- vice president manufacturing operations San Jose, CA
- senior vice president of operations San Jose, CA
- vice president technical operations San Jose, CA
- aviation operations San Jose, CA
- hotel operations intern San Jose, CA
- creative operations San Jose, CA
- operations chef San Jose, CA
- operations advisor San Jose, CA


