Sign up to access all features of our service.
  • Job search
  • Favorites
  • Create a CV
    New
  • Salaries
  • Subscriptions

Threat Detection Engineer - Security Operations

$113.03k - $140k

ID.me

Job Description

Job Description

Company Overview

ID.me is the next-generation digital identity wallet that simplifies how individuals securely prove their identity online. Consumers can verify their identity with ID.me once and seamlessly login across websites without having to create a new login and verify their identity again. Over 152 million users experience streamlined login and identity verification with ID.me at 20 federal agencies, 45 state government agencies, and 70+ healthcare organizations. More than 600+ consumer brands use ID.me to verify communities and user segments to honor service and build more authentic relationships. ID.me's technology meets the federal standards for consumer authentication set by the Commerce Department and is approved as a NIST 800-63-3 IAL2 / AAL2 credential service provider by the Kantara Initiative. ID.me is committed to "No Identity Left Behind" to enable all people to have a secure digital identity. To learn more, visit

ID.me is a full-time, in-office culture. Unless a specific job description explicitly states otherwise, all roles are on-site five days per week at one of our offices in McLean, VA; Mountain View, CA; New York City, NY; or Tampa, FL. Certain roles — such as field-based sales or other remote-by-design positions — may have different work arrangements as noted in their individual postings.

At ID.me, we embrace the thoughtful use of AI tools in our daily work and there are even occasions where we leverage AI in our hiring process. However, during the interview process, we want to understand your individual skills and experiences. Therefore, we have guidelines on how AI can be appropriately used during your application and interviews which can be found here.

Role Summary

We are seeking a Threat Detection Engineer to join our security engineering and operations team. In this role, you will develop, test, and optimize high-fidelity detections across modern security data platforms, with a focus on security analytics, automation, and threat detection at scale. You will be expected to bring — and continuously develop — strong AI literacy: designing detection workflows that leverage large language models, anomaly detection, and agentic pipelines, while also understanding and defending against AI-specific attack surfaces.

You should be comfortable writing structured, reusable detection logic, working with infrastructure-as-code (IaC), and integrating behavioral and threat intelligence into detection strategies. You will collaborate closely with incident response, threat intel, and platform engineering teams to ensure resilient, high-quality coverage of modern threat scenarios across cloud and enterprise environments — including threats targeting and exploiting AI systems.

Key Responsibilities

- Design and implement detection logic across SIEM/SOAR platforms, including Splunk, Google Chronicle (SecOps), and Elastic/Logstash.

- Build scalable detection rules, analytics, and anomaly models to detect adversary TTPs aligned with MITRE ATT&CK.

- Develop and maintain detection-as-code using Python and YAML-based rule formats (e.g., Sigma, YARA-L, Kusto, or Lucene).

- Design and evaluate LLM-assisted detection and triage workflows, including prompt engineering for alert enrichment, summarization, and classification.

- Build and maintain AI-augmented detection pipelines: anomaly scoring, embedding-based similarity search, natural language parsing for phishing and social engineering detection, and LLM-based log analysis.

- Apply AI security literacy to identify and detect risks in AI-integrated environments, including prompt injection, model abuse, data exfiltration via LLMs, and shadow AI usage.

- Perform quality assurance and validation of alerts — including AI-generated signals — to minimize false positives and increase signal fidelity.

- Leverage Snowflake and SQL to normalize and query large datasets across multiple telemetry sources, including AI system logs and API call records.

- Contribute to infrastructure-as-code workflows for detection deployment (e.g., Terraform, GitOps pipelines).

- Collaborate with Threat Intelligence and IR teams to translate threat actor TTPs — including those targeting AI systems — into actionable detections.

- Participate in detection tuning, red/blue team exercises, and post-incident reviews, including adversarial testing of AI-assisted detection logic.

- Maintain availability for 24x7 on-call rotation and ensure timely response to security incidents during standard EST business hours.

Required Qualifications

- 2-4 years in a security engineering or other relevant security operations role.

- Proficiency with Splunk, Elastic Stack, Google SecOps (Chronicle), and/or Logstash.

- Strong programming or scripting experience in Python and SQL.

- Working experience authoring detection logic using YARA-L, Sigma, or equivalent formats.

- Demonstrated AI literacy: hands-on experience using LLM APIs (e.g., OpenAI, Anthropic, Google Gemini) or AI/ML frameworks for security use cases, including prompt engineering, retrieval-augmented generation (RAG), or agentic workflows.

- Understanding of AI/ML concepts relevant to detection: anomaly detection, clustering, embedding models, LLM-based enrichment, and the limitations and failure modes of these approaches.

- Ability to assess and detect AI-specific threats: prompt injection, model inversion, training data poisoning, and LLM-facilitated social engineering.

- Experience working with cloud-scale security data and log management tools.

- Familiarity with MITRE ATT&CK, threat modeling, and behavioral-based detections.

- Knowledge of Infrastructure-as-Code (IaC) and version control systems (e.g., GitHub, Terraform, GitLab CI/CD).

Preferred Qualifications

- Industry security certifications such as GCIA, GCIH, GCFA, Security+, or AI/ML security credentials.

- Experience with Google Cloud Platform (GCP) and Google Kubernetes Engine (GKE), including GKE security posture management, audit logging, and cloud-native workload monitoring.

- Experience building or operating SOAR integrations with LLM-assisted triage or response recommendations.

- Hands-on experience with agentic AI frameworks (e.g., LangChain, LlamaIndex, or custom tool-use pipelines) applied to security automation.

- Familiarity with Snowflake's Security Data Lake or cloud-native log pipelines, including telemetry from AI platforms (e.g., OpenAI API logs, Azure AI services).

- Exposure to red team/blue team collaboration, threat hunting, or adversary emulation frameworks, with emphasis on AI-enabled attack scenarios.

- Experience red-teaming or evaluating LLM-based systems for security weaknesses.

- Contributions to open-source detection or AI security tooling projects.

Ideal Candidate Will Thrive In Our Culture:

- Demonstrates a strong passion for security and a commitment to protecting digital identities.

- Keeps pace with the rapidly evolving AI threat landscape and proactively translates emerging research into detection coverage.

- Adapts well to changing priorities and can shift gears quickly in a fast-paced environment.

- Exhibits excellent oral and written communication skills, including the ability to explain AI-driven detection decisions to non-technical stakeholders.

- Works well within a team, but is also self-driven and capable of managing tasks independently.

- Shows a continuous desire for learning and professional development, staying current with advances in both cybersecurity and applied AI.

Location:

Candidates must be located in the continental U.S. and able to work on-site in Mountain View, CA.

The annual base salary listed does not include a company bonus, incentive for sales roles, equity and benefits which will be determined based on experience, skills, education, relevant training, geographic location and role.

ID.me offers comprehensive medical, dental, vision, health savings account, flexible spending accounts (medical, limited purpose, dependent care, commuter benefit accounts), basic and voluntary life and AD&D insurance, 401(k) with company match, parental leave, ability to participate in unlimited paid time off subject to the terms and conditions of the PTO policy, including 8 company wide holidays, short and long-term disability insurance, accident and critical illness insurance, referral bonus policy, employee assistance program, pet insurance, travel assistant program, wellbeing and childcare discounts, benefit advocates, and a learning and development benefit.

Final offers may vary from the amount listed based on qualifications, professional experiences, skills, education, relevant training, geographic location, and other job related factors.

U.S. Pay Range

$113,033—$140,000 USD

Mountain View, CA Pay Range

$113,033—$140,000 USD

ID.me maintains a work environment free from discrimination, where employees are treated with dignity and respect. All ID.me employees share in the responsibility for fulfilling our commitment to equal employment opportunity. ID.me does not discriminate against any employee or applicant on the basis of age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. ID.me adheres to these principles in all aspects of employment, including recruitment, hiring, training, compensation, promotion, benefits, social and recreational programs, and discipline. In addition, ID.me's policy is to provide reasonable accommodation to qualified employees who have protected disabilities to the extent required by applicable laws, regulations and ordinances where a particular employee works. Upon request we will provide you with more information about such accommodations.

Please review our Privacy Policy, including our CCPA policy, at id.me/privacy. If you provide ID.me with any personally identifiable information you confirm that you have read and agree to be bound by the terms and conditions set out in our Privacy Policy.

ID.me participates in E-Verify.

Vacancy posted 22 days ago
Similar jobs that could be interesting for youBased on the Threat Detection Engineer - Security Operations in Washington DC vacancy
  • Tyto Athene, LLC is seeking a Cyber Event Monitoring Lead to support threat monitoring, detection, event analysis, and incident reporting in a 24/7 Security Operations Center. You will monitor enterprise networks and systems, detect events, and report threats, collaborating... 
    Operations

    Tyto Athene, LLC

    Washington DC
    2 days ago
  •  ...Industrial Control System Cyber Threat Intelligence Analyst for its...  ...required. Active Top Secret Security Clearance with SCI...  ...recommendations. You will support operational teams and senior leaders by investigating...  ...procedures (TTPs) for threat detection and response. Map ISC... 
    Operations
    Currently hiring

    Peraton

    Arlington, VA
    2 days ago
  •  ...performing processing, triage, threat analysis, and response to...  ...industrial Control Systems (ICS), Operational technology (OT), Supervisory...  ...necessary to ensure security and safe function of IC systems...  ...techniques, and procedures (TTPs) for detecting and responding to cyber... 
    Operations
    Currently hiring

    Peraton

    Arlington, VA
    2 days ago
  • $100k

     ...identify and root out sophisticated threat actors in an actively...  ...landscape. On our Defensive Cyber Operations (DCO) team, you will...  ...to incident investigations, detection development, and capability improvement...  ..., device telemetry, and security tool data to hunt for APT actor... 
    Operations
    Shift work
    Afternoon shift

    Johns Hopkins Applied Physics Laboratory

    Laurel, MD
    2 days ago
  • $100k - $124k

     ...Cybersecurity Architecture and Engineering, Critical Infrastructure and Operations, and Applications...  ...effectively - anytime, anywhere, securely. This is a contingent...  ...Maintain regional cyber threat expertise, deep...  ...intelligence platforms, intrusion detection systems, and SIEM tools.... 
    Operations
    Temporary work
    Remote work
    Overseas

    SkyePoint Decisions

    Arlington, VA
    2 days ago
  • $104k - $166k

     ...next-generation national security company that drives...  ...nation and allies. Peraton operates at the critical nexus...  ...and nontraditional threats across all domains:...  ...Encompasses technical, engineering, data analytics, cyber...  ...Familiarity with threat detection tools. Strong... 
    Operations
    Full time
    Contract work
    Temporary work
    Work at office
    Shift work

    Peraton

    Arlington, VA
    2 days ago
  • Leidos Defense Group is seeking a Cyber Security Fusion Analyst to support GSM-O II for Joint Force Headquarters DODIN at Fort Meade. You will analyze network data, triage events, detect threats, and develop metrics to strengthen defense. Responsibilities include leveraging... 

    Leidos

    Bethesda, MD
    18 hours ago
  •  ...Cyber Intelligence Analyst III to support cyber threat intelligence activities for our customer. You will...  ...and manage intelligence, support defense operations, and deliver analysis and reports to aid threat detection and decision-making. Responsibilities include analyzing... 
    Operations
    Remote job

    SOSi

    Washington DC
    1 day ago
  • $85k - $95k

    Job Title: Cyber Threat Intelligence Analyst Salary...  ...cybersecurity operations, fraud prevention, and...  ...intelligence products that help detect, prevent, and mitigate...  ...intelligence into Security Operations Center (SOC...  ...identity theft, and social engineering tactics. Experience... 
    Operations
    Temporary work
    Work at office
    Remote work
    Flexible hours

    SIXGEN

    Washington DC
    2 days ago
  •  ...are seeking a motivated Threat Hunter to support enterprise cybersecurity operations in a fast-paced...  ...using telemetry, develop detections, analyze malware, automate...  ...and improve detection engineering. Monitor, analyze,...  ...teams to improve security posture. Support compliance... 
    Operations

    Omniscius Consulting

    Washington DC
    11 days ago
  • $117.6k - $161.7k

     ...inside our Offensive Security organization, and we’re...  ...looking for a senior engineer who can both build it...  ...that makes our offensive operations faster and broader,...  ...partners, then pair with detection engineering to close...  ...multi‑cloud breadth; threat‑intelligence‑driven operations... 
    Operations
    Temporary work
    Work from home

    Humana

    Washington DC
    2 days ago
  • $130k - $225k

     ...exciting opportunity for a RF Engineer to support the Naval...  ...from emerging threats by advancing electronic...  ...control systems; target detection; and seeker decision logic. Security Clearance Active SECRET...  ...integration and flight operations, full lifecycle C5ISR engineering... 
    Operations

    Integration Innovation, Inc.

    Washington DC
    2 days ago
  •  ...seeking a Senior Cybersecurity Engineer / Offensive Security Lead to support high‑...  ...This role is designed for operators who bring hands‑on offensive...  ...teams to validate detections and strengthen security posture...  ...tooling, TTPs, and emerging threat vectors Certifications... 
    Operations

    Apogee Global RMS

    Washington DC
    2 days ago
  •  ...activities. Candidates must have at least 5 years of experience in cyber defense analysis, a TS/SCI clearance, and expertise in intrusion detection technologies. Responsibilities include analyzing network traffic for anomalies, documenting incidents, and coordinating with cyber... 

    BCMC

    Arlington, VA
    2 days ago
  •  ...the Washington, D.C area. Essential responsibilities include delivering threat intelligence on hostile actors and supporting incident response. The role requires 5-8 years of federal cyber operations experience and relevant certifications, with active TS/SCI or DOE Q... 
    Operations
    Contract work

    Amentum

    Washington DC
    4 days ago
  •  ...Position Title: Lead Cyber Threat Analyst Location:...  ...as the technical and operational lead for enterprise...  ...compliance with all federal security standards. This role...  ...organization's threat detection, analysis, and...  ...Information Technology, Engineering, or a related field.... 
    Operations
    For contractors
    Local area

    DirectViz Solutions, LLC

    Washington DC
    11 days ago
  •  ...seeking a Lead Cyber Threat Analyst to fulfil a requirement...  ...strategies to detect and disrupt adversary...  ...and intelligence operations to identify emerging threats...  ...analysis, reverse engineering, and forensic investigations...  ...and adaptive security capabilities. Apply... 
    Operations
    Flexible hours

    Evolver Federal

    Washington DC
    15 days ago
  • $166k - $253k

     ...Lattice OS, an AI‑powered operating system that turns thousands...  ...The Job We’re seeking a Security Software Engineer to develop novel security...  ...test, and debug an endpoint detection and response agent with mission...  ...on the latest security threats and technologies.... 
    Operations
    Relocation package

    Anduril Industries

    Washington DC
    2 days ago
  •  ...civilian, health, and national security environments. We apply modern...  ...faster and more secure operations, and drive measurable mission...  ...over bureaucracy. Lead Cyber Threat Intelligence Analyst Location...  ...operationally relevant and drive detection and response improvements... 
    Operations
    Full time
    Work experience placement
    Flexible hours
    Shift work

    Revolutional, LLC

    Silver Hill, MD
    3 days ago
  • $150k - $201.6k

     ...excellent opportunity for a Senior IT Security Engineer, Threat Response . This position could be...  ...will work closely with our Security Operations Center (SOC), incident response teams...  ...advanced threat hunting activities to detect unknown and sophisticated threats that... 
    Operations
    Temporary work
    Remote work
    Flexible hours

    Orrick, Herrington & Sutcliffe LLP

    Washington DC
    4 days ago
  •  ...projects including satellite operations, critical...  ...dedicated and skilled Cyber Security Analyst to join our team...  ...addressing emerging threats. You will serve on a team...  ...Information Assurance Engineers, Information System...  ...Knowledge of intrusion detection and prevention systems... 
    Operations
    Permanent employment

    Tactibit

    Suitland, MD
    4 days ago
  •  ...Job Title Senior Cyber Security Analyst Location Washington...  ...part of the Security Operation Center (SOC) which monitors, analyzes, detects, and responds to cyber...  ...vulnerabilities and threats, collect intelligence,...  ...technology security, computer engineering, computer information... 
    Operations
    Contract work
    Work at office

    Ampcus

    Washington DC
    1 day ago
  • $166k - $253k

     ...Lattice OS, an AI-powered operating system that turns...  ...THE JOB We're seeking a Security Software Engineer to develop novel security...  ...test, and debug an endpoint detection and response agent with mission...  ...updated on the latest security threats and technologies.... 
    Operations
    Full time
    Work experience placement
    Immediate start

    Anduril Industries

    Washington DC
    21 hours ago
  • $135k - $145k

     ...Athene, LLC is looking for a Cyber Event Monitoring Lead to oversee threat monitoring and incident reporting in Washington, DC. The role...  ..., utilizing SIEM technologies, and managing enterprise network security. The ideal candidate will have a minimum of 8 years of... 

    Tyto Athene, LLC

    Washington DC
    1 day ago
  • $70k - $125k

     ...Defense Analyst for our client to provide Network Operations Security Center (NOSC) support, cyber analysis,...  ...U.S. Government program responsible to monitor, detect, analyze, mitigate, and respond to cyber threats and adversarial activity on the enterprise. The... 
    Operations
    Shift work
    Night shift
    Afternoon shift

    Sprycyber

    Washington DC
    2 days ago
  • $300k - $405k

     ...committed researchers, engineers, policy experts, and...  ...seeking an exceptional Detection and Response engineer...  ...solutions to monitor for threats, rapidly investigate...  ...opportunity to shape our security capabilities from the...  ...environments and operations Experience working with... 
    Operations
    Full time
    Work at office
    Visa sponsorship
    Flexible hours

    Anthropic

    Washington DC
    21 hours ago
  •  ...-spectrum cyber, data operations, systems integration and...  ...and potential threats to network resources...  ...alerts Provide timely detection, identification, and alerting...  ...Department of Homeland Security (DHS) Entry on Duty (...  ...Cyber Security, Computer Engineering, or related degree; or... 
    Operations
    Contract work
    Immediate start

    Nightwing

    Arlington, VA
    2 days ago
  •  ...Response Team (HIRT) secures the Nation's cyber and...  ...systems, and networks from threats. CNDAs review data...  ...development of signatures to detect this malicious...  ...Identify applications and operating systems of a network...  ...Security, Computer Engineering, or related degree; or... 
    Operations
    Full time
    Contract work
    Work at office
    Local area
    Immediate start
    Remote work

    Castalia Systems

    Arlington, VA
    2 days ago
  • $30.08 - $52.65 per hour

     ...advances the organization’s security posture across complex...  ...with Infrastructure, Network Engineering and Cloud teams while maintaining...  .... Responsibilities include threat detection, incident response,...  ...monitoring, control validation and operational resilience to maintain a... 
    Operations
    Local area

    Johns Hopkins Health Plans

    Washington DC
    2 days ago
  • $140.5k - $210.5k

     ...firewalls, proxies, intrusion detection and prevention systems...  ...analysis platforms, security information and event...  ...solutions that enable threat hunt activities....  ...information security engineering decisions, ensuring Board...  ...to inform threat hunt operations and investigate Board... 
    Operations
    Work at office
    Relocation

    Federal Reserve System

    Washington DC
    3 days ago

Do you want to receive more vacancies?

Subscribe and receive similar vacancies to Threat Detection Engineer - Security Operations. Be the first to apply!