Senior Security Engineer, Threat Detection & Response

True Anomaly
Long Beach, CA
$145,000 - $240,000
Onsite

About The Position

As a Senior Security Engineer on the Threat Detection & Response team, you will lead complex incident investigations, mature our insider risk program, and serve as a trusted partner to engineering, legal, executive leadership, and external stakeholders during high-stakes security events. You'll lead end-to-end response for the most sensitive security incidents, build and scale our insider risk monitoring capabilities, and translate complex technical findings into actionable insights for both technical teams and C-suite stakeholders. You'll set the bar for investigative diligence, evidence handling, and cross-functional coordination during high-stakes situations. This role is a great fit for a seasoned investigator and incident responder who thrives in high-pressure environments, has deep experience navigating multi-stakeholder investigations, and wants to make a tangible impact on a growing security program. This position requires the ability to obtain and maintain a security clearance.

Requirements

  • 4+ years of experience in cybersecurity, with significant time spent leading incident response, complex investigations, threat hunting, or detection engineering
  • Demonstrated experience leading multi-stakeholder investigations end-to-end, from initial triage through executive reporting and post-incident review
  • Hands-on experience with digital forensics, malware triage, and evidence handling in environments where investigative rigor matters
  • Experience building or contributing to an insider risk or insider threat monitoring program
  • Strong working knowledge of EDR platforms, SIEM platforms (e.g., Splunk, Elastic, or similar), and SOAR tooling
  • Working knowledge of Windows, macOS, and Linux endpoint security and common attack techniques
  • Solid understanding of attack vectors, adversary TTPs, and security frameworks such as MITRE ATT&CK and the Cyber Kill Chain
  • Experience with scripting (e.g. Python, PowerShell, or Bash) for automation, enrichment, or analysis tasks
  • Proven ability to brief executives and translate technical risk into business language
  • Clear verbal and written communication skills, with experience producing intelligence reports, investigative findings, or executive briefings

Nice To Haves

  • Active TS/SCI security clearance or ability to obtain and maintain a security clearance
  • Knowledge of digital forensics and malware analysis techniques
  • Experience building or significantly maturing a detection and response program
  • Experience working in Azure Government Cloud (Azure GovCloud) environments
  • Experience with cloud security monitoring in AWS, GCP, or Azure commercial environments
  • Familiarity with CMMC, FedRAMP, NIST 800-53, or other federal compliance frameworks
  • Experience with Detections-as-Code, CI/CD, etc.
  • Experience participating in or supporting red team/purple team exercises

Responsibilities

  • Lead end-to-end incident response for complex, high-severity security events, including technical investigation, containment, eradication, recovery, and executive-level reporting
  • Build and mature True Anomaly's insider risk monitoring program, including detection strategy, investigative playbooks, and cross-functional escalation paths
  • Serve as the principal technical liaison between the security team and partner organizations (IT, Engineering, Legal, HR, Compliance, and external government partners), translating complex technical findings for non-technical decision-makers
  • Perform evidence collection, digital forensics, and malware triage activities; ensure investigative findings are documented to a standard suitable for legal, regulatory, and law enforcement use
  • Develop and operationalize incident response plans, playbooks, and SOPs that scale with team growth and mission complexity
  • Design and tune detections across corporate, cloud, and mission environments, leveraging frameworks like MITRE ATT&CK
  • Proactively hunt for threats, including insider threats, and leverage threat intelligence to anticipate emerging adversary TTPs
  • Administer and optimize EDR, SIEM, and SOAR platforms; build automation to improve investigative efficiency
  • Brief executive leadership on active incidents, threat landscape, and program maturity in clear business terms
  • Mentor junior detection and response engineers and contribute to hiring as the team grows

Benefits

  • Competitive salary
  • Opportunity to work on challenging, mission-critical security initiatives
  • Professional development and certification support
  • Collaborative culture with experienced security professionals
  • Equity + Benefits including Health, Dental, Vision, HRA/HSA options, PTO and paid holidays, 401K, Parental Leave
© 2026 Teal Labs, Inc