Senior Security Engineer, Threat Detection & Response

Senior Security Engineer, Threat Detection & Response

Denver, CO or Long Beach, CA

True Anomaly seeks those with the talent and ambition to build the technology that secures space.

True Anomaly delivers decisive capabilities for space superiority. We build autonomous spacecraft, advanced payloads, mission software, and space-based interceptors — enabling the U.S. and its Allies to secure the space environment and counter threats from the ultimate high ground.

Your Mission

As a Senior Security Engineer on the Threat Detection & Response team, you will lead complex incident investigations, mature our insider risk program, and serve as a trusted partner to engineering, legal, executive leadership, and external stakeholders during high-stakes security events.

You'll lead end-to-end response for the most sensitive security incidents, build and scale our insider risk monitoring capabilities, and translate complex technical findings into actionable insights for both technical teams and C-suite stakeholders. You'll set the bar for investigative diligence, evidence handling, and cross-functional coordination during high-stakes situations.

This role is a great fit for a seasoned investigator and incident responder who thrives in high-pressure environments, has deep experience navigating multi-stakeholder investigations, and wants to make a tangible impact on a growing security program.

This position requires the ability to obtain and maintain a security clearance.

Responsibilities

• Lead end-to-end incident response for complex, high-severity security events, including technical investigation, containment, eradication, recovery, and executive-level reporting
• Build and mature True Anomaly's insider risk monitoring program, including detection strategy, investigative playbooks, and cross-functional escalation paths
• Serve as the principal technical liaison between the security team and partner organizations (IT, Engineering, Legal, HR, Compliance, and external government partners), translating complex technical findings for non-technical decision-makers
• Perform evidence collection, digital forensics, and malware triage activities; ensure investigative findings are documented to a standard suitable for legal, regulatory, and law enforcement use
• Develop and operationalize incident response plans, playbooks, and SOPs that scale with team growth and mission complexity
• Design and tune detections across corporate, cloud, and mission environments, leveraging frameworks like MITRE ATT&CK
• Proactively hunt for threats, including insider threats, and leverage threat intelligence to anticipate emerging adversary TTPs
• Administer and optimize EDR, SIEM, and SOAR platforms; build automation to improve investigative efficiency
• Brief executive leadership on active incidents, threat landscape, and program maturity in clear business terms
• Mentor junior detection and response engineers and contribute to hiring as the team grows

Qualifications

A good candidate will have:

• 4+ years of experience in cybersecurity, with significant time spent leading incident response, complex investigations, threat hunting, or detection engineering
• Demonstrated experience leading multi-stakeholder investigations end-to-end, from initial triage through executive reporting and post-incident review
• Hands-on experience with digital forensics, malware triage, and evidence handling in environments where investigative rigor matters
• Experience building or contributing to an insider risk or insider threat monitoring program
• Strong working knowledge of EDR platforms, SIEM platforms (e.g., Splunk, Elastic, or similar), and SOAR tooling
• Working knowledge of Windows, MacOS, and Linux endpoint security and common attack techniques
• Solid understanding of attack vectors, adversary TTPs, and security frameworks such as MITRE ATT&CK and the Cyber Kill Chain
• Experience with scripting (e.g. Python, PowerShell, or Bash) for automation, enrichment, or analysis tasks
• Proven ability to brief executives and translate technical risk into business language
• Clear verbal and written communication skills, with experience producing intelligence reports, investigative findings, or executive briefings

Preferred Qualifications

An ideal candidate will also have:

• Active TS/SCI security clearance or ability to obtain and maintain a security clearance
• Knowledge of digital forensics and malware analysis techniques
• Experience building or significantly maturing a detection and response program
• Experience working in Azure Government Cloud (Azure GovCloud) environments
• Experience with cloud security monitoring in AWS, GCP, or Azure commercial environments
• Familiarity with CMMC, FedRAMP, NIST 800-53, or other federal compliance frameworks
• Experience with Detections-as-Code, CI/CD, etc
• Experience participating in or supporting red team/purple team exercises

Work Environment

• This role operates in a fast-paced, high-stakes environment where rapid decision-making and adaptability are essential
• Onsite work is required in our Denver or Long Beach offices
• On-call rotation participation, including after-hours participation, is required for incident response coverage
• Must be comfortable working under pressure during active security incidents
• High degree of autonomy and ownership
• Direct access to leadership and opportunity to influence security strategy

What We Offer

• Competitive salary
• Opportunity to work on challenging, mission-critical security initiatives
• Professional development and certification support
• Collaborative culture with experienced security professionals

Equity + Benefits including Health, Dental, Vision, HRA/HSA options, PTO and paid holidays, 401K, Parental Leave

Base Salary: Denver - $145,000 - $230,000, Long Beach - $150,000 - $240,000

Your actual level and base salary will be determined on a case-by-case basis and may vary based on the following considerations