Threat Detection Engineer - Security Operations
$113.03k - $140kID.me
Job Description
Job Description
Company Overview
ID.me is the next-generation digital identity wallet that simplifies how individuals securely prove their identity online. Consumers can verify their identity with ID.me once and seamlessly login across websites without having to create a new login and verify their identity again. Over 152 million users experience streamlined login and identity verification with ID.me at 20 federal agencies, 45 state government agencies, and 70+ healthcare organizations. More than 600+ consumer brands use ID.me to verify communities and user segments to honor service and build more authentic relationships. ID.me's technology meets the federal standards for consumer authentication set by the Commerce Department and is approved as a NIST 800-63-3 IAL2 / AAL2 credential service provider by the Kantara Initiative. ID.me is committed to "No Identity Left Behind" to enable all people to have a secure digital identity. To learn more, visit
ID.me is a full-time, in-office culture. Unless a specific job description explicitly states otherwise, all roles are on-site five days per week at one of our offices in McLean, VA; Mountain View, CA; New York City, NY; or Tampa, FL. Certain roles — such as field-based sales or other remote-by-design positions — may have different work arrangements as noted in their individual postings.
At ID.me, we embrace the thoughtful use of AI tools in our daily work and there are even occasions where we leverage AI in our hiring process. However, during the interview process, we want to understand your individual skills and experiences. Therefore, we have guidelines on how AI can be appropriately used during your application and interviews which can be found here.
Role Summary
We are seeking a Threat Detection Engineer to join our security engineering and operations team. In this role, you will develop, test, and optimize high-fidelity detections across modern security data platforms, with a focus on security analytics, automation, and threat detection at scale. You will be expected to bring — and continuously develop — strong AI literacy: designing detection workflows that leverage large language models, anomaly detection, and agentic pipelines, while also understanding and defending against AI-specific attack surfaces.
You should be comfortable writing structured, reusable detection logic, working with infrastructure-as-code (IaC), and integrating behavioral and threat intelligence into detection strategies. You will collaborate closely with incident response, threat intel, and platform engineering teams to ensure resilient, high-quality coverage of modern threat scenarios across cloud and enterprise environments — including threats targeting and exploiting AI systems.
Key Responsibilities
- Design and implement detection logic across SIEM/SOAR platforms, including Splunk, Google Chronicle (SecOps), and Elastic/Logstash.
- Build scalable detection rules, analytics, and anomaly models to detect adversary TTPs aligned with MITRE ATT&CK.
- Develop and maintain detection-as-code using Python and YAML-based rule formats (e.g., Sigma, YARA-L, Kusto, or Lucene).
- Design and evaluate LLM-assisted detection and triage workflows, including prompt engineering for alert enrichment, summarization, and classification.
- Build and maintain AI-augmented detection pipelines: anomaly scoring, embedding-based similarity search, natural language parsing for phishing and social engineering detection, and LLM-based log analysis.
- Apply AI security literacy to identify and detect risks in AI-integrated environments, including prompt injection, model abuse, data exfiltration via LLMs, and shadow AI usage.
- Perform quality assurance and validation of alerts — including AI-generated signals — to minimize false positives and increase signal fidelity.
- Leverage Snowflake and SQL to normalize and query large datasets across multiple telemetry sources, including AI system logs and API call records.
- Contribute to infrastructure-as-code workflows for detection deployment (e.g., Terraform, GitOps pipelines).
- Collaborate with Threat Intelligence and IR teams to translate threat actor TTPs — including those targeting AI systems — into actionable detections.
- Participate in detection tuning, red/blue team exercises, and post-incident reviews, including adversarial testing of AI-assisted detection logic.
- Maintain availability for 24x7 on-call rotation and ensure timely response to security incidents during standard EST business hours.
Required Qualifications
- 2-4 years in a security engineering or other relevant security operations role.
- Proficiency with Splunk, Elastic Stack, Google SecOps (Chronicle), and/or Logstash.
- Strong programming or scripting experience in Python and SQL.
- Working experience authoring detection logic using YARA-L, Sigma, or equivalent formats.
- Demonstrated AI literacy: hands-on experience using LLM APIs (e.g., OpenAI, Anthropic, Google Gemini) or AI/ML frameworks for security use cases, including prompt engineering, retrieval-augmented generation (RAG), or agentic workflows.
- Understanding of AI/ML concepts relevant to detection: anomaly detection, clustering, embedding models, LLM-based enrichment, and the limitations and failure modes of these approaches.
- Ability to assess and detect AI-specific threats: prompt injection, model inversion, training data poisoning, and LLM-facilitated social engineering.
- Experience working with cloud-scale security data and log management tools.
- Familiarity with MITRE ATT&CK, threat modeling, and behavioral-based detections.
- Knowledge of Infrastructure-as-Code (IaC) and version control systems (e.g., GitHub, Terraform, GitLab CI/CD).
Preferred Qualifications
- Industry security certifications such as GCIA, GCIH, GCFA, Security+, or AI/ML security credentials.
- Experience with Google Cloud Platform (GCP) and Google Kubernetes Engine (GKE), including GKE security posture management, audit logging, and cloud-native workload monitoring.
- Experience building or operating SOAR integrations with LLM-assisted triage or response recommendations.
- Hands-on experience with agentic AI frameworks (e.g., LangChain, LlamaIndex, or custom tool-use pipelines) applied to security automation.
- Familiarity with Snowflake's Security Data Lake or cloud-native log pipelines, including telemetry from AI platforms (e.g., OpenAI API logs, Azure AI services).
- Exposure to red team/blue team collaboration, threat hunting, or adversary emulation frameworks, with emphasis on AI-enabled attack scenarios.
- Experience red-teaming or evaluating LLM-based systems for security weaknesses.
- Contributions to open-source detection or AI security tooling projects.
Ideal Candidate Will Thrive In Our Culture:
- Demonstrates a strong passion for security and a commitment to protecting digital identities.
- Keeps pace with the rapidly evolving AI threat landscape and proactively translates emerging research into detection coverage.
- Adapts well to changing priorities and can shift gears quickly in a fast-paced environment.
- Exhibits excellent oral and written communication skills, including the ability to explain AI-driven detection decisions to non-technical stakeholders.
- Works well within a team, but is also self-driven and capable of managing tasks independently.
- Shows a continuous desire for learning and professional development, staying current with advances in both cybersecurity and applied AI.
Location:
Candidates must be located in the continental U.S. and able to work on-site in Mountain View, CA.
The annual base salary listed does not include a company bonus, incentive for sales roles, equity and benefits which will be determined based on experience, skills, education, relevant training, geographic location and role.
ID.me offers comprehensive medical, dental, vision, health savings account, flexible spending accounts (medical, limited purpose, dependent care, commuter benefit accounts), basic and voluntary life and AD&D insurance, 401(k) with company match, parental leave, ability to participate in unlimited paid time off subject to the terms and conditions of the PTO policy, including 8 company wide holidays, short and long-term disability insurance, accident and critical illness insurance, referral bonus policy, employee assistance program, pet insurance, travel assistant program, wellbeing and childcare discounts, benefit advocates, and a learning and development benefit.
Final offers may vary from the amount listed based on qualifications, professional experiences, skills, education, relevant training, geographic location, and other job related factors.
U.S. Pay Range
$113,033—$140,000 USD
Mountain View, CA Pay Range
$113,033—$140,000 USD
ID.me maintains a work environment free from discrimination, where employees are treated with dignity and respect. All ID.me employees share in the responsibility for fulfilling our commitment to equal employment opportunity. ID.me does not discriminate against any employee or applicant on the basis of age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. ID.me adheres to these principles in all aspects of employment, including recruitment, hiring, training, compensation, promotion, benefits, social and recreational programs, and discipline. In addition, ID.me's policy is to provide reasonable accommodation to qualified employees who have protected disabilities to the extent required by applicable laws, regulations and ordinances where a particular employee works. Upon request we will provide you with more information about such accommodations.
Please review our Privacy Policy, including our CCPA policy, at id.me/privacy. If you provide ID.me with any personally identifiable information you confirm that you have read and agree to be bound by the terms and conditions set out in our Privacy Policy.
ID.me participates in E-Verify.
- ...Industrial Control System Cyber Threat Intelligence Analyst for its... ...required. Active Top Secret Security Clearance with SCI... ...recommendations. You will support operational teams and senior leaders by investigating... ...procedures (TTPs) for threat detection and response. Map ISC...OperationsCurrently hiring
- ...performing processing, triage, threat analysis, and response to... ...industrial Control Systems (ICS), Operational technology (OT), Supervisory... ...necessary to ensure security and safe function of IC systems... ...techniques, and procedures (TTPs) for detecting and responding to cyber...OperationsCurrently hiring
$100k - $124k
...Cybersecurity Architecture and Engineering, Critical Infrastructure and Operations, and Applications... ...Decisions is seeking a Cyber Threat Analyst to support the Diplomatic Security Cyber Mission (DSCM) program... ...platforms, intrusion detection systems, and SIEM tools....OperationsTemporary workRemote workOverseas$104k - $166k
...next-generation national security company that drives... ...nation and allies. Peraton operates at the critical nexus... ...and nontraditional threats across all domains:... ...Encompasses technical, engineering, data analytics, cyber... ...Familiarity with threat detection tools. Strong...OperationsFull timeContract workTemporary workWork at officeShift work- Tyto Athene, LLC is seeking a Cyber Event Monitoring Lead to support threat monitoring, detection, event analysis, and incident reporting in a 24/7 Security Operations Center. You will monitor enterprise networks and systems, detect events, and report threats, collaborating...Operations
- UltraViolet Cyber, located in McLean, Virginia, is actively seeking a Cyber Threat Researcher (Level II) for its Threat Intelligence & Detection Engineering team. This role involves engaging in threat hunts and creating effective threat detections to protect clients from...
- ...contain, mitigate all observed threats and document all investigational... ...diverse group of teams including engineering, security, and network & system operations to ensure effective adoption of... ...with SIEM, SOAR, and EDR tools for detection and response It is the policy...OperationsFlexible hours
- Integral is seeking a Security Analyst in McLean, Virginia, to support the U.S. Army's C5ISR Center in cyber defense research and detection methods. The position requires a Bachelor's degree in Computer Science or a related field, along with key certifications and a minimum...
- ...Analyst. The role involves monitoring network activity, analyzing threats, and coordinating with cyber defense teams. Candidates should... ...of cyber defense analysis experience and possess relevant U.S. security clearances. Collaboration with a talented team is emphasized to...
- Leidos Defense Group is seeking a Cyber Security Fusion Analyst to support GSM-O II for Joint Force Headquarters DODIN at Fort Meade. You will analyze network data, triage events, detect threats, and develop metrics to strengthen defense. Responsibilities include leveraging...
- ...activities. Candidates must have at least 5 years of experience in cyber defense analysis, a TS/SCI clearance, and expertise in intrusion detection technologies. Responsibilities include analyzing network traffic for anomalies, documenting incidents, and coordinating with cyber...
- Integral Federal, Inc. is looking for a Security Analyst to support the United States Army C5ISR Center in advancing cyber defense research. Responsibilities include analyzing detection methods, documenting procedures, and maintaining security tools. The ideal candidate...
- ...Cyber Intelligence Analyst III to support cyber threat intelligence activities for our customer. You will... ...and manage intelligence, support defense operations, and deliver analysis and reports to aid threat detection and decision-making. Responsibilities include analyzing...OperationsRemote job
$50k - $90k
...is seeking an Associate Cyber Threat Researcher (Level I) to enhance cybersecurity operations. This role focuses on threat hunting... ...and creating advanced threat detection strategies to defend clients... ...technical knowledge to strengthen security measures and effectively...Operations$70k - $85k
...response, advanced forensics, and coordinated recovery operations to protect vital systems from evolving cyber threats. We combine technical precision with operational... ...sources Demonstrated ability to integrate cyber security related data from relevant sources into...OperationsShift work$85k - $95k
Job Title: Cyber Threat Intelligence Analyst Salary... ...cybersecurity operations, fraud prevention, and... ...intelligence products that help detect, prevent, and mitigate... ...intelligence into Security Operations Center (SOC... ...identity theft, and social engineering tactics. Experience...OperationsTemporary workWork at officeRemote workFlexible hours- EY in McLean, VA seeks a Senior Manager to lead Security Operations, Threat Detection and Response for Government & Public Sector. You will guide strategy, design, and operation of mission-critical SOCs for federal, state, and education clients, including TS-level environments...Operations
$125.3k - $233k
...building next‑generation detection and remediation engineering products that outsmart human... ...will blend knowledge of threat modeling with a passion... ...delivering differentiated security outcomes. As a Product... ...training, validating, and operating AI/ML models while respecting...OperationsLocal area- ...-spectrum cyber, data operations, systems integration and... ...and potential threats to network resources Coordinate... ...alerts Provide timely detection, identification, and... ...of Homeland Security (DHS) Entry on Duty (EOD... ...Cyber Security, Computer Engineering, or related degree; or...OperationsContract workImmediate start
$110.18k - $183.63k
...seeking a Information Security Advisor to join our team... ...the 24/7/365 Security Operations Center, which serves... ...response, and proactive threat hunting. This role... ...framework and others to detect, disrupt, and prevent... ...They collaborate with engineers, threat intelligence and...OperationsTemporary workWork at officeRemote workFlexible hours- ...join our Information Security team and help defend... ...active and emerging cyber threats. In this role, you... ...alerts, tune detections, and help surface anomalous... ...alert triage, detection engineering, threat hunting, and... ..., military cyber operations, information warfare,...OperationsWork at officeFlexible hours
- ...Response Team (HIRT) secures the Nation's cyber and... ...systems, and networks from threats. CNDAs review data... ...development of signatures to detect this malicious... ...Identify applications and operating systems of a network... ...Security, Computer Engineering, or related degree; or...OperationsFull timeContract workWork at officeLocal areaImmediate startRemote work
- ...will monitor Air Gapped Security Fabrics through... ...limited to: Monitoring Operations Center IT an infrastructure... ...Posture through detections & response compliance.... ...with TIER 2 and TIER 3 (Engineering) Teams Experience with... ...in developing Threat Reports, translating IOCs...OperationsWork at officeLocal areaShift workNight shift
- A technology company serving federal clients is seeking a seasoned cybersecurity professional to lead security detection initiatives. Located in Arlington, Virginia, this role requires U.S. Citizenship and a Bachelor's degree in Cybersecurity or related field, along with...
$91.3k - $221.1k
A leading technology firm in Arlington, Virginia is seeking a Detection Engineer to join their Cyber Incident Response Team. The role involves designing and implementing security detection initiatives, developing new detection logic for various platforms, and optimizing...- ...experience working within a Cyber Incident Response Team, Security Operations Center, or a similar cybersecurity role. The... ...network security tools, and log analysis tools to detect, analyze, and respond to security threats. Apply knowledge of operating systems, network...OperationsShift workNight shiftAfternoon shift
- ...are seeking a motivated Threat Hunter to support enterprise cybersecurity operations in a fast-paced... ...using telemetry, develop detections, analyze malware, automate... ...and improve detection engineering. Monitor, analyze,... ...teams to improve security posture. Support compliance...Operations
- ...Polygraph Position Code: 26-SC0619-2 Seeking a Cyber Threat Hunt Analyst to join our Cyber Security Operations Center (CSOC) in McLean, VA. The ideal candidate... ...not limited to: Conduct threat hunting activities to detect advanced threats that evade traditional security...Operations
$110k - $170k
...individuals with a background in cyber threat detection, investigation, and reporting to support a high visibility cyber security operations center. Clearance: TS/SCI Full Scope Polygraph... ..., network security, and/or network engineering Must have active IAT II certification...OperationsLong term contractShift work$180k - $230k
...over legacy infrastructure. Secure cellular service for consumers... ...agencies, with privacy and security engineered into every layer of the stack... .... The role: the technical operator who makes the product work in... ...to learn the workflows, threat models, and constraints that...OperationsWorldwide
Do you want to receive more vacancies?
Subscribe and receive similar vacancies to Threat Detection Engineer - Security Operations. Be the first to apply!
- information security consultant McLean, VA
- cyber security analyst McLean, VA
- revenue operations McLean, VA
- service operations leadership development program McLean, VA
- finance operations McLean, VA
- loan operations McLean, VA
- business operations intern McLean, VA
- operation strategy cost manager McLean, VA
- fund operations McLean, VA
- gas operations McLean, VA

