Sign up to access all features of our service.
  • Job search
  • Favorites
  • Create a CV
    New
  • Salaries
  • Subscriptions

Threat Detection Engineer - Security Operations

$113.03k - $140k

ID.me

Company Overview ID.me is the next-generation digital identity wallet that simplifies how individuals securely prove their identity online. Consumers can verify their identity with ID.me once and seamlessly login across websites without having to create a new login and verify their identity again. Over 152 million users experience streamlined login and identity verification with ID.me at 20 federal agencies, 45 state government agencies, and 70+ healthcare organizations. More than 600+ consumer brands use ID.me to verify communities and user segments to honor service and build more authentic relationships. ID.me’s technology meets the federal standards for consumer authentication set by the Commerce Department and is approved as a NIST 800-63-3 IAL2 / AAL2 credential service provider by the Kantara Initiative. ID.me is committed to "No Identity Left Behind" to enable all people to have a secure digital identity. To learn more, visit ID.me is a full-time, in-office culture. Unless a specific job description explicitly states otherwise, all roles are on-site five days per week at one of our offices in McLean, VA; Mountain View, CA; New York City, NY; or Tampa, FL. Certain roles — such as field-based sales or other remote-by-design positions — may have different work arrangements as noted in their individual postings. At ID.me, we embrace the thoughtful use of AI tools in our daily work and there are even occasions where we leverage AI in our hiring process. However, during the interview process, we want to understand your individual skills and experiences. Therefore, we have guidelines on how AI can be appropriately used during your application and interviews which can be found here. Role Summary We are seeking a Threat Detection Engineer to join our security engineering and operations team. In this role, you will develop, test, and optimize high-fidelity detections across modern security data platforms, with a focus on security analytics, automation, and threat detection at scale. You will be expected to bring — and continuously develop — strong AI literacy: designing detection workflows that leverage large language models, anomaly detection, and agentic pipelines, while also understanding and defending against AI-specific attack surfaces. You should be comfortable writing structured, reusable detection logic, working with infrastructure-as-code (IaC), and integrating behavioral and threat intelligence into detection strategies. You will collaborate closely with incident response, threat intel, and platform engineering teams to ensure resilient, high-quality coverage of modern threat scenarios across cloud and enterprise environments — including threats targeting and exploiting AI systems. Key Responsibilities Design and implement detection logic across SIEM/SOAR platforms, including Splunk, Google Chronicle (SecOps), and Elastic/Logstash. Build scalable detection rules, analytics, and anomaly models to detect adversary TTPs aligned with MITRE ATT&CK. Develop and maintain detection-as-code using Python and YAML-based rule formats (e.g., Sigma, YARA-L, Kusto, or Lucene). Design and evaluate LLM-assisted detection and triage workflows, including prompt engineering for alert enrichment, summarization, and classification. Build and maintain AI-augmented detection pipelines: anomaly scoring, embedding-based similarity search, natural language parsing for phishing and social engineering detection, and LLM-based log analysis. Apply AI security literacy to identify and detect risks in AI-integrated environments, including prompt injection, model abuse, data exfiltration via LLMs, and shadow AI usage. Perform quality assurance and validation of alerts — including AI-generated signals — to minimize false positives and increase signal fidelity. Leverage Snowflake and SQL to normalize and query large datasets across multiple telemetry sources, including AI system logs and API call records. Contribute to infrastructure-as-code workflows for detection deployment (e.g., Terraform, GitOps pipelines). Collaborate with Threat Intelligence and IR teams to translate threat actor TTPs — including those targeting AI systems — into actionable detections. Participate in detection tuning, red/blue team exercises, and post-incident reviews, including adversarial testing of AI-assisted detection logic. Maintain availability for 24x7 on-call rotation and ensure timely response to security incidents during standard EST business hours. Required Qualifications 2-4 years in a security engineering or other relevant security operations role. Proficiency with Splunk, Elastic Stack, Google SecOps (Chronicle), and/or Logstash. Strong programming or scripting experience in Python and SQL. Working experience authoring detection logic using YARA-L, Sigma, or equivalent formats. Demonstrated AI literacy: hands-on experience using LLM APIs (e.g., OpenAI, Anthropic, Google Gemini) or AI/ML frameworks for security use cases, including prompt engineering, retrieval-augmented generation (RAG), or agentic workflows. Understanding of AI/ML concepts relevant to detection: anomaly detection, clustering, embedding models, LLM-based enrichment, and the limitations and failure modes of these approaches. Ability to assess and detect AI-specific threats: prompt injection, model inversion, training data poisoning, and LLM-facilitated social engineering. Experience working with cloud-scale security data and log management tools. Familiarity with MITRE ATT&CK, threat modeling, and behavioral-based detections. Knowledge of Infrastructure-as-Code (IaC) and version control systems (e.g., GitHub, Terraform, GitLab CI/CD). Preferred Qualifications Industry security certifications such as GCIA, GCIH, GCFA, Security+, or AI/ML security credentials. Experience with Google Cloud Platform (GCP) and Google Kubernetes Engine (GKE), including GKE security posture management, audit logging, and cloud-native workload monitoring. Experience building or operating SOAR integrations with LLM-assisted triage or response recommendations. Hands-on experience with agentic AI frameworks (e.g., LangChain, LlamaIndex, or custom tool-use pipelines) applied to security automation. Familiarity with Snowflake's Security Data Lake or cloud-native log pipelines, including telemetry from AI platforms (e.g., OpenAI API logs, Azure AI services). Exposure to red team/blue team collaboration, threat hunting, or adversary emulation frameworks, with emphasis on AI-enabled attack scenarios. Experience red-teaming or evaluating LLM-based systems for security weaknesses. Contributions to open-source detection or AI security tooling projects. Ideal Candidate Will Thrive In Our Culture Demonstrates a strong passion for security and a commitment to protecting digital identities. Keeps pace with the rapidly evolving AI threat landscape and proactively translates emerging research into detection coverage. Adapts well to changing priorities and can shift gears quickly in a fast-paced environment. Exhibits excellent oral and written communication skills, including the ability to explain AI-driven detection decisions to non-technical stakeholders. Works well within a team, but is also self-driven and capable of managing tasks independently. Shows a continuous desire for learning and professional development, staying current with advances in both cybersecurity and applied AI. Location Candidates must be located in the continental U.S. and able to work on-site in MountainView, CA. Salary and Benefits The annual base salary listed does not include a company bonus, incentive for sales roles, equity and benefits which will be determined based on experience, skills, education, relevant training, geographic location and role. ID.me offers comprehensive medical, dental, vision, health savings account, flexible spending accounts (medical, limited purpose, dependent care, commuter benefit accounts), basic and voluntary life and AD&DD insurance, 401(k) with company match, parental leave, ability to participate in unlimited paid time off subject to the terms and conditions of the PTO policy, including 8 company wide holidays, short and long-term disability insurance, accident and critical illness insurance, referral bonus policy, employee assistance program, pet insurance, travel assistant program, wellbeing and childcare discounts, benefit advocates, and a learning and development benefit. Final offers may vary from the amount listed based on qualifications, professional experiences, skills, education, relevant training, geographic location, and other job related factors. Pay Range: $113,033—$140,000 USD ID.me maintains a work environment free from discrimination, where employees are treated with dignity and respect. All ID.me employees share in the responsibility for fulfilling our commitment to equal employment opportunity. ID.me does not discriminate against any employee or applicant on the basis of age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. ID.me adheres to these principles in all aspects of employment, including recruitment, hiring, training, compensation, promotion, benefits, social and recreational programs, and discipline. In addition, ID.me's policy is to provide reasonable accommodation to qualified employees who have protected disabilities to the extent required by applicable laws, regulations and ordinances where a particular employee works. Upon request we will provide you with more information about such accommodations. Please review our Privacy Policy, including our CCPA policy, at id.me/privacy. If you provide ID.me with any personally identifiable information you confirm that you have read and agree to be bound by the terms and conditions set out in our Privacy Policy. ID.me participates in E-Verify. #J-18808-Ljbffr ID.me

Vacancy posted 1 day ago
Similar jobs that could be interesting for youBased on the Threat Detection Engineer - Security Operations in San Francisco, CA vacancy
  • ID.me is seeking a Threat Detection Engineer to join our security engineering and operations team in Mountain View, CA. You will develop, test, and optimize high-fidelity detections across modern security data platforms, with a focus on security analytics, automation, and... 
    Operations

    ID.me

    San Francisco, CA
    1 day ago
  •  ...transforming how enterprises operate. We build intelligent...  ...used across IT, HR, Finance, Security, Legal, and Engineering. Our mission is to...  ...vulnerability management, threat modeling, and security architecture...  ...(SAST, DAST, SCA, secrets detection, fuzzing, software supply‑... 
    Operations

    Serval

    San Francisco, CA
    4 days ago
  •  ...Staff Detection And Response Engineer Join WRITER's security team as a staff detection and response engineer and help protect...  ...strategic thinking to stay ahead of novel threats that don't exist in textbooks yet. You'll be the operational arm of our security function,... 
    Operations
    Full time
    Work at office
    Local area
    Flexible hours

    Writer Corporation

    San Francisco, CA
    3 days ago
  •  ...work alongside researchers, operators, and AI companies at the forefront...  .... You’ll own application security at a company where the app layer...  ...accelerate code review and threat modeling, and automating away...  ...path the easy path for 50+ engineers Threat models for new features... 
    Operations
    Remote work
    Shift work

    Mercor Inc

    San Francisco, CA
    4 days ago
  • $237.6k - $297k

     ...We are seeking a Senior Security Engineer with a specialty in Detection and Incident Response to join our Security...  ...sits at the intersection of security operations and software engineering - you won...  ...with the organization. Utilize threat intelligence platforms to improve... 
    Operations
    Full time

    Scale AI

    San Francisco, CA
    1 day ago
  • $110k - $160k

     ...warfighters, commercial air operators, and border protection...  ...ahead of evolving threats. CHAOS...  ...II to join our growing Security Operations team and help...  ...with senior security engineers, IT, and infrastructure...  ...phishing attempts, malware detections, and unauthorized... 
    Operations
    Contract work
    Work experience placement
    Casual work
    Relocation package

    CHAOS Industries

    San Francisco, CA
    5 days ago
  •  ...Product Manager - Identity Threat Detection and Response (ITDR) Saviynt...  ...their digital assets, drive operational efficiency, and reduce...  ...as the leader in identity security, with solutions that protect...  ...including real-time detection engineering, behavioral analytics, and... 
    Operations

    Saviynt

    San Francisco, CA
    1 day ago
  • $160k - $185k

    The Cyber Detection and Response Team Lead will play...  ...and leading a team of security professionals to...  ...and respond to cyber threats across the client’s environment...  ...client’s Security Engineering team to ensure...  ...technical direction and operational oversight on all detection... 
    Operations

    Control-Risks

    San Francisco, CA
    2 days ago
  • CHAOS Industries in San Francisco is looking for a SOC Analyst II to join their Security Operations team. In this role, you will defend against evolving security threats by monitoring systems and responding to incidents. Candidates should have 3-5 years of cybersecurity... 
    Operations
    Flexible hours

    CHAOS Industries

    San Francisco, CA
    9 days ago
  • $293k - $385k

     ...About the Team Security is at the foundation of OpenAI's...  ...technical in what we build but are operational in how we do our work, and...  ...Role As a Security Engineer on Detection & Response, you'll help...  ...with the right telemetry, threat models, and response playbooks... 

    OpenAI

    San Francisco, CA
    3 days ago
  •  ...group of committed researchers, engineers, policy experts, and business...  ...engineer to join Anthropic's Detection Platform team to build and scale our next-generation security analytics infrastructure. In...  ...Claude to transform security operations. Responsibilities Build... 
    Operations
    Work at office
    Visa sponsorship
    Flexible hours
    Shift work

    Colorwave Inc

    San Francisco, CA
    2 days ago
  • $160k - $185k

    Control Risks is seeking a Cyber Detection and Response Team Lead to establish and lead a world-class security team. The role involves developing strategies and leading professionals to detect and respond to cyber threats. The successful candidate will have over 10 years... 

    Control-Risks

    San Francisco, CA
    1 day ago
  •  ...and communications in one secure, integrated workplace management...  ..., compliant, and connected operations across every location....  ...scale initiatives, and shaping engineering strategy across...  ...security function focused on threat detection, visibility, and automation... 
    Operations
    Full time
    Work at office
    Local area
    Monday to Thursday
    Shift work

    Envoy

    San Francisco, CA
    3 days ago
  • $208k - $312k

     ...from idea to production with speed, security, and exceptional developer experience...  .... They will be built, extended, and operated by agents. We are building the...  ...Role: We are looking for a Security Engineer to join our Detection Response team. In this role, you will... 
    Operations
    Full time
    Work at office
    Remote work
    Work from home
    Worldwide
    Monday to Friday
    Flexible hours
    Shift work

    Vercel

    San Francisco, CA
    3 days ago
  • $180k - $280k

     ...help our customers run their operations in real-time. We’re backed by...  ...extremely talented software engineers across the stack. What you'll...  ...Own application and product security across what we've shipped and...  ...what's still to come, including threat modeling, secure design... 
    Operations
    Full time
    Work at office
    Relocation
    Flexible hours

    Pylon

    San Francisco, CA
    2 days ago
  • Asana is looking for an Engineering Manager to lead its Detection Engineering team in San Francisco. In this role, you will manage team resources and build detection capabilities essential for security. The ideal candidate has over 4 years in technical management, with... 
    Work at office
    3 days per week

    Asana

    San Francisco, CA
    4 days ago
  • $95.86k - $208.27k

     ...penetration testing engagements Execute threat modeling, evaluate application business...  ...(GWAPT), Council for Registered Ethical Security Testers (CREST), Offensive Security Web...  ...trustworthiness, and safeguard business operations and company reputation. Pursuant to the... 
    Operations
    Full time
    H1b
    Local area

    KPMG

    San Francisco, CA
    18 days ago
  •  ...Position Summary As a Security Engineer at HeyGen, you will own the...  ...for an engineer who thinks in threat models and ships code. Key...  ...the ground up. Fraud Detection & Remediation: Design and implement...  ...our SOC 2 compliance operations (currently managed via Drata... 
    Operations

    HeyGen

    San Francisco, CA
    1 day ago
  • $190k - $225k

     ...Senior Security Engineer Location: San Francisco,CA (onsite) Full Time...  ...You will help build, and operate the next generation of security...  ..., Network Security, detection engineering, incident response...  ...with detection engineering, threat hunting, adversary simulation... 
    Operations
    Full time

    Winmax Systems

    San Francisco, CA
    5 days ago
  • $249k - $405k

     ...12 months. The Role: We're hiring a Senior Security Engineer to own how Ivo detects, responds to, and defends against threats across our infrastructure, identity, network...  ...incident response, cloud and identity security operations, perimeter and network hardening,... 
    Operations
    Contract work
    Work at office
    Remote work

    IVO Inc

    San Francisco, CA
    5 days ago
  •  ...team of researchers, engineers, designers, and more,...  ...the future! As a Senior Security Engineer you will: Serve...  ...issues Lead security operation functions – including...  ...management, SAST, DAST, detection engineering, and...  ...security reviews and threat modeling, including code... 
    Operations
    Full time
    Work at office
    Remote work
    Flexible hours

    Jaide Health

    San Francisco, CA
    4 days ago
  • $110k - $160k

    Chaosindustries in San Francisco is seeking a SOC Analyst II to join their Security Operations team. This role involves monitoring and responding to cybersecurity incidents while collaborating with senior engineers to protect sensitive data. The ideal candidate should have 3-5... 
    Operations

    Chaosindustries

    San Francisco, CA
    4 days ago
  • $180k - $225k

     ...foundation for agent engineering in the real world, helping...  ..., deploying, and operating agents at scale. Today...  ...You’ll be the hands‑on security lead embedded with core...  ...AppSec: code review, threat modeling, secure design...  .... Experience building detection & response and running... 
    Operations
    Immediate start
    Flexible hours

    LangChain

    San Francisco, CA
    4 days ago
  • $210k - $230k

     ...Role: We're looking for a Senior Staff Security Engineer to lead Gusto's edge and network security strategy, owning the design and operation of our Cloudflare WAF, DDoS protection,...  ..., and clean rollback paths. Build detections and alerting on edge and network... 
    Operations
    Full time
    Work at office
    Local area
    Remote work
    2 days per week
    3 days per week

    gusto

    San Francisco, CA
    more than 2 months ago
  • Motive Partners is looking for an Engineering Lead for the Security Operations team in San Francisco. This role will involve mentoring engineers, overseeing hiring, and managing security projects across teams. Ideal candidates will have 8+ years in security engineering... 
    Operations

    Motive Partners

    San Francisco, CA
    4 days ago
  • $155k - $410k

     ...organisations from cyber threats through advanced...  ...vulnerabilities, develop secure systems, and provide proactive...  ...of Study Computer Engineering,Computer Applications,...  ...risk tolerance and operational requirements Lead...  ...efficiency, risk detection, and decision-making... 
    Full time
    Temporary work
    H1b

    PwC

    San Francisco, CA
    2 days ago
  • Mercor is seeking a Cybersecurity Expert to remotely evaluate AI-generated outputs related to threat analysis and security architecture. The ideal candidate will have 3+ years in cybersecurity and a strong analytical background. You will review resilience to threats, create... 
    Remote job
    Hourly pay
    Contract work

    Mercor Inc

    San Francisco, CA
    4 days ago
  • A leading financial services firm in San Francisco is looking for a Senior Security Operations Engineer to prevent, detect, and respond to security threats in their corporate and cloud environments. This individual will collaborate with teams across security, IT, and engineering... 
    Operations
    Remote job
    Work at office

    Brex

    San Francisco, CA
    1 day ago
  • $325k - $405k

     ...About the Team Security is at the foundation of OpenAI's mission to...  ...technical in what we build but are operational in how we do our work, and...  ...About the Role As a Security Engineer, Application Security you...  ...applications against security threats. Collaborate with Development... 
    Work at office
    Remote work
    Relocation package

    Dormont Manufacturing Company

    San Francisco, CA
    7 days ago
  • We have a security policy mandating all new hires complete an in‑person onboarding process - no exceptions. Security is...  ...identity verification and secure IT setup. The mission of an Engineering Lead for Security Operations is to drive the healthy growth of the engineering... 
    Operations
    Full time

    Anchorage Lending CA, LLC

    San Francisco, CA
    4 days ago

Do you want to receive more vacancies?

Subscribe and receive similar vacancies to Threat Detection Engineer - Security Operations. Be the first to apply!