Senior Security Engineer, Threat Detection and Response

True Anomaly•Long Beach, CA

10h•$155,000 - $225,000•Hybrid

About The Position

As a Senior Threat Detection & Response Engineer, you will be a founding member of our threat detection and response function. This is a unique opportunity to shape the future of Threat Detection & Response — defining strategy, selecting and iterating on tooling, establishing processes, and shaping the future of security operations at our company. In this role, you will have significant autonomy to design and implement detection capabilities, improve incident response procedures, and create the foundation for a world-class security program. You will be joining a fast-paced, challenging environment where your decisions and expertise will have direct, lasting impact on our security posture. This is an ideal role for a self-starter who thrives on ownership, wants to leave their mark on an organization, and is energized by the opportunity to solve challenging problems and build something meaningful. This position requires a minimum Secret clearance with strong preference for active TS/SCI clearance or the ability to obtain and maintain TS/SCI.

Requirements

6+ years of hands-on experience in security operations, detection engineering, incident response, or threat hunting
Proven experience building and deploying custom security detections in enterprise environments
Strong experience with CrowdStrike Falcon platform, including detection tuning, alert triage, and response actions
Strong experience across Windows, MacOS, and Linux endpoint security, including understanding of OS internals, attack techniques, and defensive measures
Proficiency with SIEM platforms and log analysis (e.g., Splunk, Elastic, Falcon NG-SIEM, or similar)
Strong understanding of common attack vectors, TTPs, and security frameworks (MITRE ATT&CK, NIST, Cyber Kill Chain)
Functional proficiency in at least one scripting language (Python, PowerShell, Bash) for automation and analysis
Excellent verbal and written communication skills
This position requires a minimum Secret clearance

Nice To Haves

Active TS/SCI security clearance or ability to obtain and maintain a security clearance
Experience building or significantly maturing a detection and response program
Experience working in Azure Government Cloud (Azure GovCloud) environments
Experience with cloud security monitoring in AWS, GCP, or Azure commercial environments
Familiarity with CMMC, FedRAMP, NIST 800-53, or other federal compliance frameworks
Knowledge of digital forensics and malware analysis techniques
Experience with Detections-as-Code paradigms, GitOps, CI/CD, etc
Experience participating in or supporting red team/purple team exercises

Responsibilities

Develop incident response plans, playbooks, and SOPs; build scalable processes to support future team growth
Design and implement custom security detections across corporate and cloud environments, leveraging frameworks like MITRE ATT&CK
Continuously tune detection rules and develop threat models to improve fidelity and address coverage gaps
Monitor, triage, and respond to security alerts across multiple platforms and data sources
Lead incident investigations through technical analysis, containment, eradication, and recovery; document findings and lessons learned
Proactively hunt for threats and leverage threat intelligence to anticipate emerging adversary TTPs
Administer and optimize CrowdStrike Falcon and SIEM platforms; integrate log sources to enhance visibility and correlation
Build automation and orchestration workflows to improve response efficiency
Partner with cross-functional teams (IT, Engineering, Legal, Compliance) and communicate technical findings to diverse stakeholders