Sign up to access all features of our service.
  • Job search
  • Favorites
  • Create a CV
    New
  • Salaries
  • Subscriptions

Threat Detection Engineer - Security Operations

$113.03k - $140k

ID.me

Job Description

Job Description

Company Overview

ID.me is the next-generation digital identity wallet that simplifies how individuals securely prove their identity online. Consumers can verify their identity with ID.me once and seamlessly login across websites without having to create a new login and verify their identity again. Over 152 million users experience streamlined login and identity verification with ID.me at 20 federal agencies, 45 state government agencies, and 70+ healthcare organizations. More than 600+ consumer brands use ID.me to verify communities and user segments to honor service and build more authentic relationships. ID.me's technology meets the federal standards for consumer authentication set by the Commerce Department and is approved as a NIST 800-63-3 IAL2 / AAL2 credential service provider by the Kantara Initiative. ID.me is committed to "No Identity Left Behind" to enable all people to have a secure digital identity. To learn more, visit

ID.me is a full-time, in-office culture. Unless a specific job description explicitly states otherwise, all roles are on-site five days per week at one of our offices in McLean, VA; Mountain View, CA; New York City, NY; or Tampa, FL. Certain roles — such as field-based sales or other remote-by-design positions — may have different work arrangements as noted in their individual postings.

At ID.me, we embrace the thoughtful use of AI tools in our daily work and there are even occasions where we leverage AI in our hiring process. However, during the interview process, we want to understand your individual skills and experiences. Therefore, we have guidelines on how AI can be appropriately used during your application and interviews which can be found here.

Role Summary

We are seeking a Threat Detection Engineer to join our security engineering and operations team. In this role, you will develop, test, and optimize high-fidelity detections across modern security data platforms, with a focus on security analytics, automation, and threat detection at scale. You will be expected to bring — and continuously develop — strong AI literacy: designing detection workflows that leverage large language models, anomaly detection, and agentic pipelines, while also understanding and defending against AI-specific attack surfaces.

You should be comfortable writing structured, reusable detection logic, working with infrastructure-as-code (IaC), and integrating behavioral and threat intelligence into detection strategies. You will collaborate closely with incident response, threat intel, and platform engineering teams to ensure resilient, high-quality coverage of modern threat scenarios across cloud and enterprise environments — including threats targeting and exploiting AI systems.

Key Responsibilities

- Design and implement detection logic across SIEM/SOAR platforms, including Splunk, Google Chronicle (SecOps), and Elastic/Logstash.

- Build scalable detection rules, analytics, and anomaly models to detect adversary TTPs aligned with MITRE ATT&CK.

- Develop and maintain detection-as-code using Python and YAML-based rule formats (e.g., Sigma, YARA-L, Kusto, or Lucene).

- Design and evaluate LLM-assisted detection and triage workflows, including prompt engineering for alert enrichment, summarization, and classification.

- Build and maintain AI-augmented detection pipelines: anomaly scoring, embedding-based similarity search, natural language parsing for phishing and social engineering detection, and LLM-based log analysis.

- Apply AI security literacy to identify and detect risks in AI-integrated environments, including prompt injection, model abuse, data exfiltration via LLMs, and shadow AI usage.

- Perform quality assurance and validation of alerts — including AI-generated signals — to minimize false positives and increase signal fidelity.

- Leverage Snowflake and SQL to normalize and query large datasets across multiple telemetry sources, including AI system logs and API call records.

- Contribute to infrastructure-as-code workflows for detection deployment (e.g., Terraform, GitOps pipelines).

- Collaborate with Threat Intelligence and IR teams to translate threat actor TTPs — including those targeting AI systems — into actionable detections.

- Participate in detection tuning, red/blue team exercises, and post-incident reviews, including adversarial testing of AI-assisted detection logic.

- Maintain availability for 24x7 on-call rotation and ensure timely response to security incidents during standard EST business hours.

Required Qualifications

- 2-4 years in a security engineering or other relevant security operations role.

- Proficiency with Splunk, Elastic Stack, Google SecOps (Chronicle), and/or Logstash.

- Strong programming or scripting experience in Python and SQL.

- Working experience authoring detection logic using YARA-L, Sigma, or equivalent formats.

- Demonstrated AI literacy: hands-on experience using LLM APIs (e.g., OpenAI, Anthropic, Google Gemini) or AI/ML frameworks for security use cases, including prompt engineering, retrieval-augmented generation (RAG), or agentic workflows.

- Understanding of AI/ML concepts relevant to detection: anomaly detection, clustering, embedding models, LLM-based enrichment, and the limitations and failure modes of these approaches.

- Ability to assess and detect AI-specific threats: prompt injection, model inversion, training data poisoning, and LLM-facilitated social engineering.

- Experience working with cloud-scale security data and log management tools.

- Familiarity with MITRE ATT&CK, threat modeling, and behavioral-based detections.

- Knowledge of Infrastructure-as-Code (IaC) and version control systems (e.g., GitHub, Terraform, GitLab CI/CD).

Preferred Qualifications

- Industry security certifications such as GCIA, GCIH, GCFA, Security+, or AI/ML security credentials.

- Experience with Google Cloud Platform (GCP) and Google Kubernetes Engine (GKE), including GKE security posture management, audit logging, and cloud-native workload monitoring.

- Experience building or operating SOAR integrations with LLM-assisted triage or response recommendations.

- Hands-on experience with agentic AI frameworks (e.g., LangChain, LlamaIndex, or custom tool-use pipelines) applied to security automation.

- Familiarity with Snowflake's Security Data Lake or cloud-native log pipelines, including telemetry from AI platforms (e.g., OpenAI API logs, Azure AI services).

- Exposure to red team/blue team collaboration, threat hunting, or adversary emulation frameworks, with emphasis on AI-enabled attack scenarios.

- Experience red-teaming or evaluating LLM-based systems for security weaknesses.

- Contributions to open-source detection or AI security tooling projects.

Ideal Candidate Will Thrive In Our Culture:

- Demonstrates a strong passion for security and a commitment to protecting digital identities.

- Keeps pace with the rapidly evolving AI threat landscape and proactively translates emerging research into detection coverage.

- Adapts well to changing priorities and can shift gears quickly in a fast-paced environment.

- Exhibits excellent oral and written communication skills, including the ability to explain AI-driven detection decisions to non-technical stakeholders.

- Works well within a team, but is also self-driven and capable of managing tasks independently.

- Shows a continuous desire for learning and professional development, staying current with advances in both cybersecurity and applied AI.

Location:

Candidates must be located in the continental U.S. and able to work on-site in Mountain View, CA.

The annual base salary listed does not include a company bonus, incentive for sales roles, equity and benefits which will be determined based on experience, skills, education, relevant training, geographic location and role.

ID.me offers comprehensive medical, dental, vision, health savings account, flexible spending accounts (medical, limited purpose, dependent care, commuter benefit accounts), basic and voluntary life and AD&D insurance, 401(k) with company match, parental leave, ability to participate in unlimited paid time off subject to the terms and conditions of the PTO policy, including 8 company wide holidays, short and long-term disability insurance, accident and critical illness insurance, referral bonus policy, employee assistance program, pet insurance, travel assistant program, wellbeing and childcare discounts, benefit advocates, and a learning and development benefit.

Final offers may vary from the amount listed based on qualifications, professional experiences, skills, education, relevant training, geographic location, and other job related factors.

Mountain View, CA Pay Range

$113,033—$140,000 USD

ID.me maintains a work environment free from discrimination, where employees are treated with dignity and respect. All ID.me employees share in the responsibility for fulfilling our commitment to equal employment opportunity. ID.me does not discriminate against any employee or applicant on the basis of age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. ID.me adheres to these principles in all aspects of employment, including recruitment, hiring, training, compensation, promotion, benefits, social and recreational programs, and discipline. In addition, ID.me's policy is to provide reasonable accommodation to qualified employees who have protected disabilities to the extent required by applicable laws, regulations and ordinances where a particular employee works. Upon request we will provide you with more information about such accommodations.

Please review our Privacy Policy, including our CCPA policy, at id.me/privacy. If you provide ID.me with any personally identifiable information you confirm that you have read and agree to be bound by the terms and conditions set out in our Privacy Policy.

ID.me participates in E-Verify.

Vacancy posted 7 days ago
Similar jobs that could be interesting for youBased on the Threat Detection Engineer - Security Operations in San Francisco, CA vacancy
  • Ivo Inc. is seeking a Senior Security Engineer in San Francisco to enhance threat detection and response across its infrastructure. In this senior IC role, you'll...  ...everything from identity security to cloud operations and incident response. The role is critical as it... 
    Operations

    Ivo Inc.

    San Francisco, CA
    9 days ago
  •  ...transforming how enterprises operate. We build intelligent...  ...used across IT, HR, Finance, Security, Legal, and Engineering. Our mission is to...  ...vulnerability management, threat modeling, and security architecture...  ...(SAST, DAST, SCA, secrets detection, fuzzing, software supply‑... 
    Operations

    Serval

    San Francisco, CA
    4 days ago
  • $300k - $405k

     ...Security Engineer, Detection & Response San Francisco, CA | New York City, NY | Seattle, WA; Washington...  ...to build solutions to monitor for threats, rapidly investigate incidents, and coordinate...  ...of cloud environments and operations ~ Experience working with engineering... 
    Operations
    Work at office
    Visa sponsorship
    Flexible hours

    Anthropic

    San Francisco, CA
    4 days ago
  •  ...Staff Detection And Response Engineer Join WRITER's security team as a staff detection and response engineer and help protect...  ...strategic thinking to stay ahead of novel threats that don't exist in textbooks yet. You'll be the operational arm of our security function,... 
    Operations
    Full time
    Work at office
    Local area
    Flexible hours

    Writer Corporation

    San Francisco, CA
    3 days ago
  •  ...administration, or SOC operations Foundational...  ...networking, endpoint security, identity management,...  ...framework and common threat actor techniques (Desirable...  ...with senior security engineers, IT, and infrastructure...  ...phishing attempts, malware detections, and unauthorized access... 
    Operations
    Contract work

    Chaos Industries

    San Francisco, CA
    3 days ago
  •  ...work alongside researchers, operators, and AI companies at the forefront...  .... You’ll own application security at a company where the app...  ...to accelerate code review and threat modeling, and automating away...  ...safe path the easy path for 50+ engineers Threat models for new... 
    Operations
    Remote work
    Shift work

    Mercor Inc

    San Francisco, CA
    4 days ago
  • $148k - $185k

     ...a highly motivated and versatile Sr. Security Engineer to spearhead our efforts in securing enterprise...  ..., and protecting against emerging threats. The successful candidate will be a...  ..., please submit a request to People Operations by emailing ****@*****.***. #J-18... 
    Operations
    Full time
    Work at office
    3 days per week

    Turo Inc.

    San Francisco, CA
    3 days ago
  • $196k - $220.5k

     ...for an experienced Senior Enterprise Security Engineer reporting to the Engineering Manager of...  ...balancing strong security with seamless operations? We’d love to meet you. We’re looking...  ...and misuse. Partner closely with the Detection & Response team to maintain full... 
    Operations
    Full time
    Work at office
    Relocation
    Relocation package
    2 days per week
    1 day per week

    United States Digital Space LLC

    San Francisco, CA
    4 days ago
  • $148k - $185k

    ## Senior Security Engineer, Enterprise SecurityApplylocations: San Franciscotime type: Full timeposted...  ..., and protecting against emerging threats.The successful candidate will be a...  ...tools to support our recruiting operations, including gathering information from... 
    Operations
    Full time
    Fixed term contract
    Work at office
    3 days per week

    Turo Inc

    San Francisco, CA
    3 days ago
  • $135.48k - $204.93k

    Sr. Security Engineer I - Enterprise Security Remote - Austin Who we are Samsara (NYSE: IOT) is the pioneer of the Connected Operations™ Cloud, which is a platform that enables organizations that...  ...We use Tofu , a fraud detection tool, to validate the authenticity... 
    Operations
    Remote work
    Relocation package
    Flexible hours

    Samsara

    San Francisco, CA
    4 days ago
  •  ...highly skilled Principal Engineer to join our Endpoint...  ...anchor for a critical security engineering team —...  ...remediation. Support on-call operations on a rotating schedule...  .... Research, gather threat intelligence and build...  ...in the prevention, detection, and reaction to threats... 
    Operations

    B Capital

    San Francisco, CA
    12 hours ago
  •  ...seeking a hands‑on Software Engineer to build and evolve the software...  ...and systems that power our security operations. This role focuses on...  ...‑driven agents that improve detection and response, vulnerability...  ...product and engineering teams to threat model new features and systems... 
    Operations

    Perplexity

    San Francisco, CA
    12 hours ago
  • $230k - $275k

     ...design, manufacture, and operate our own fleet of...  ...possible. Zipline’s security problems aren’t “website...  ...and collaborates across engineering disciplines. You’ll join...  ...quietly “rewrite the threat model”. This is a...  ...logging/telemetry, runtime detection, and incident-ready... 
    Operations
    Internship
    Work at office
    Local area

    Namely

    South San Francisco, CA
    3 days ago
  • $293k - $385k

     ...About the Team Security is at the foundation of OpenAI's...  ...technical in what we build but are operational in how we do our work, and...  ...Role As a Security Engineer on Detection & Response, you'll help...  ...with the right telemetry, threat models, and response playbooks... 

    OpenAI

    San Francisco, CA
    3 days ago
  • $110k - $190k

     ...empowering warfighters, commercial air operators, and border protection teams to act...  ..., and stay ahead of evolving threats. CHAOS Industries was founded in...  ...Overview: We are seeking a Cybersecurity Engineer focused on Product Security to help design, assess, and secure... 
    Operations
    Full time
    Contract work
    Work experience placement
    Casual work
    Relocation package

    CHAOS Industries

    San Francisco, CA
    4 days ago
  • $320k - $405k

     ...Security Software Engineer, Detection & Response Platform San Francisco, CA | New York City, NY | Seattle, WA; Washington, DC About Anthropic...  ...innovative solutions that leverage Claude to transform security operations. Responsibilities: Build AI-powered platform... 
    Operations
    Work at office
    Visa sponsorship
    Flexible hours
    Shift work

    Anthropic

    San Francisco, CA
    1 day ago
  •  ...platform. About the Role We’re seeking a Security Engineer to join our First‑Party Hardware team....  ...Own security requirements, threat models, validation strategy, and launch...  ...‑up. Harden management interfaces and operational access paths across BMCs, hosts, accelerators... 
    Operations
    Contract work
    Relocation package
    3 days per week

    The Consulting Solutions

    San Francisco, CA
    4 days ago
  • $230k - $385k

    Systems Software Engineer, Security, First Party Hardware Hardware - San Francisco Location: San...  ..., manufacturing, deployment, and operations to build AI-native compute systems for...  .... You will be accountable for turning threat models into requirements, requirements... 
    Operations
    Contract work
    Relocation package
    3 days per week

    OpenAI

    San Francisco, CA
    2 days ago
  • $107.66k - $207.76k

    Cyber Defense & Resilience Security Operations Senior Consultant job at Deloitte. San Francisco, CA. Are you interested in working...  ...security operations capabilities (e.g., program governance, detection engineering, threat analysis and response) across governance, people,... 
    Operations
    Work at office
    Visa sponsorship

    Hong Kong Study Skills Research Institute

    San Francisco, CA
    2 days ago
  • CHAOS Industries in San Francisco is looking for a SOC Analyst II to join their Security Operations team. In this role, you will defend against evolving security threats by monitoring systems and responding to incidents. Candidates should have 3-5 years of cybersecurity... 
    Operations
    Flexible hours

    CHAOS Industries

    San Francisco, CA
    4 days ago
  • $99k - $232k

     ...protecting organisations from cyber threats through advanced technologies...  ...vulnerabilities, develop secure systems, and provide...  ...training to development and operations teams on recommended practices...  ...field(s) of study: Computer Engineering, Computer Applications, Computer... 
    Operations
    Full time
    H1b

    PwC

    San Francisco, CA
    3 days ago
  •  ...us. About the Role The Persona Security Team is looking for a software engineer to join us. You’ll own security sensitive...  ...our defenses against evolving threats. Your mission: design, build and...  ...attacks before they disrupt our operations. This position is based at our... 
    Operations
    Relocation package
    Flexible hours

    Persona

    San Francisco, CA
    12 hours ago
  • $170.6k - $390k

     ...your career in information security! The opportunity The...  ..., application, and security operations teams. Join our dynamic...  ...Senior Manager in Cybersecurity Engineering, where you will play a...  ...sensitive data against a myriad of threats while leading cross-... 
    Operations
    Summer holiday
    Remote work
    Flexible hours

    EY

    San Francisco, CA
    1 day ago
  • $123.2k - $193.6k

     ...for the Proofpoint Data Security products. This...  ...Endpoint DLP, Insider Threat Management (ITM) SaaS,...  ...DSPM), Insider Threat Detection (ITD), ITM On-Premises...  ..., best practices, and operational strategies, our Consultants...  ...Professional Services, Support, Engineering, and Product teams to... 
    Operations
    Flexible hours

    Proofpoint

    San Francisco, CA
    12 hours ago
  • $87.7k - $164k

     ...Within Information Security we blend risk strategy, digital identity...  ...incidents through ‘Hunting’ operations within a SIEM and other...  ...assessment on perceived security threats Maintain, manage, improve...  ...Science, Information Systems, Engineering or a related field 5+ years... 
    Operations
    Summer holiday
    Local area
    Flexible hours

    Ernst & Young Oman

    San Francisco, CA
    4 days ago
  •  ...smarter, faster, and more secure financial future by...  ...internal technology operations executive. This is a dual...  ...regulatory and threat landscape, making decisions...  ...access management, threat detection and response, data...  ...culture, partnering with Engineering, Product, Legal, and... 
    Operations
    Full time
    Contract work
    Temporary work
    Work at office
    Worldwide
    Home office
    Flexible hours

    Trustly

    San Francisco, CA
    12 hours ago
  • A tech-driven security firm in San Francisco seeks a hands-on Software Engineer to develop security tools and automation systems...  ...designing improvements for detection and response, collaborating with...  ...teams, and enhancing security operations with AI-driven agents. The... 
    Operations

    Perplexity

    San Francisco, CA
    2 days ago
  • Jaide Health is seeking a Senior Security Engineer to serve as a trusted advisor, leading security operations and integrating security into the software development lifecycle. The ideal candidate will have over 5 years of experience with a focus on security tool onboarding... 
    Operations
    Remote job
    Full time
    Flexible hours

    Jaide Health

    San Francisco, CA
    3 days ago
  • Deloitte & Touche LLP is seeking a Cyber Defense & Resilience Security Operations Senior Consultant in San Francisco. This role focuses on...  ...at least 3 years of experience in Security Operations or Detection Engineering, along with a Bachelor’s degree or equivalent experience.... 
    Operations

    Hong Kong Study Skills Research Institute

    San Francisco, CA
    1 day ago
  •  ...-native automation platform transforming how enterprises operate. We build intelligent agents that understand real-world workflows...  ...AI automation layer used across IT, HR, Finance, Security, Legal, and Engineering. Our mission is to eliminate repetitive, manual work across... 
    Operations

    Serval

    San Francisco, CA
    12 hours ago

Do you want to receive more vacancies?

Subscribe and receive similar vacancies to Threat Detection Engineer - Security Operations. Be the first to apply!