Threat Detection Engineer – Security Operations
Listed on 2026-07-10
-
IT/Tech
Cybersecurity, AI Engineer (Applied/Software)
Company Overview
is the next-generation digital identity wallet that simplifies how individuals securely prove their identity online. Consumers can verify their identity with once and seamlessly login across websites without having to create a new login and verify their identity again. Over 152 million users experience streamlined login and identity verification with at 20 federal agencies, 45 state government agencies, and 70+ healthcare organizations.
More than 600+ consumer brands use to verify communities and user segments to honor service and build more authentic relationships. ’s technology meets the federal standards for consumer authentication set by the Commerce Department and is approved as a NIST 800-63-3 IAL2 / AAL2 credential service provider by the Kantara Initiative. is committed to "No Identity Left Behind" to enable all people to have a secure digital identity.
To learn more, visit (Use the "Apply for this Job" box below)..
is a full-time, in-office culture. Unless a specific job description explicitly states otherwise, all roles are on-site five days per week at one of our offices in McLean, VA;
Mountain View, CA;
New York City, NY; or Tampa, FL. Certain roles — such as field-based sales or other remote-by-design positions — may have different work arrangements as noted in their individual postings. At , we embrace the thoughtful use of AI tools in our daily work and there are even occasions where we leverage AI in our hiring process. However, during the interview process, we want to understand your individual skills and experiences.
Therefore, we have guidelines on how AI can be appropriately used during your application and interviews which can be found here.
We are seeking a Threat Detection Engineer to join our security engineering and operations team. In this role, you will develop, test, and optimize high-fidelity detections across modern security data platforms, with a focus on security analytics, automation, and threat detection will be expected to bring — and continuously develop — strong AI literacy: designing detection workflows that leverage large language models, anomaly detection, and agentic pipelines, while also understanding and defending against AI-specific attack surfaces.
You should be comfortable writing structured, reusable detection logic, working with infrastructure-as-code (IaC), and integrating behavioral and threat intelligence into detection strategies. You will collaborate closely with incident response, threat intel, and platform engineering teams to ensure resilient, high-quality coverage of modern threat scenarios across cloud and enterprise environments — including threats targeting and exploiting AI systems.
- Design and implement detection logic across SIEM/SOAR platforms, including Splunk, Google Chronicle (Sec Ops), and Elastic/Logstash.
- Build scalable detection rules, analytics, and anomaly models to detect adversary TTPs aligned with MITRE ATT&CK.
- Develop and maintain detection-as-code using Python and YAML-based rule formats (e.g., Sigma, YARA-L, Kusto, or Lucene).
- Design and evaluate LLM-assisted detection and triage workflows, including prompt engineering for alert enrichment, summarization, and classification.
- Build and maintain AI-augmented detection pipelines: anomaly scoring, embedding-based similarity search, natural language parsing for phishing and social engineering detection, and LLM-based log analysis.
- Apply AI security literacy to identify and detect risks in AI-integrated environments, including prompt injection, model abuse, data exfiltration via LLMs, and shadow AI usage.
- Perform quality assurance and validation of alerts — including AI-generated signals — to minimize false positives and increase signal fidelity.
- Leverage Snowflake and SQL to normalize and query large datasets across multiple telemetry sources, including AI system logs and API call records.
- Contribute to infrastructure-as-code workflows for detection deployment (e.g., Terraform, Git Ops pipelines).
- Collaborate with Threat Intelligence and IR teams to translate threat actor TTPs — including those targeting AI systems — into actionable detections.
- Part…
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).