Threat Detection Engineer

Ambience HealthcareSan Francisco, CA
2d$200,000 - $250,000Hybrid
Match Resume

About The Position

Here at Ambience, we never set out to be just another scribe. We’re building the AI intelligence platform that restores humanity to healthcare and drives meaningful ROI for health systems across the country. Our technology helps providers focus on delivering great care by removing the administrative burden that pulls them away from patients and away from their most impactful work. Ambience delivers real-time coding-aware documentation and clinical workflow support across ambulatory, emergency and inpatient settings at the top health systems in North America. Our teams operate relentlessly with extreme ownership to build the best solutions for our health system partners. We value candor, positivity and deep thought — and we expect a lot from each other because we know the problems we’re solving truly matter. Ambience was ranked #1 for Improving the Clinician Experience in the KLAS Research Emerging Solutions Top 20 Report, recognized by Fast Company as one of the Next Big Things in Tech, named one of the best AI companies in healthcare by Inc., and selected as a LinkedIn Top Startup in 2024 and 2025. We’re backed by Oak HC/FT, Andreessen Horowitz (a16z), OpenAI Startup Fund, and Kleiner Perkins — and we’re just getting started. The Role: Ambience deploys clinical AI agents that operate in real time across the nation's largest health systems. When your product has autonomous access to infrastructure, credentials, and patient data at scale, detection and response isn't a support function, it's core to our business. You'll be our first dedicated D&R hire. You'll build the detection engineering and incident response program from scratch in a HIPAA-regulated, AI-native environment where the threat surface includes LLM-powered agents operating across infrastructure. You'll write production code, architect security data pipelines, and define what good looks like for D&R at a company where the attack surface is genuinely novel and rapidly evolving. Our engineering roles are hybrid in our SF office (3x/week).

Requirements

  • 5+ years in detection engineering, incident response, or a closely related security engineering role
  • Strong programming skills in Python, Go, or Rust. You ship production code and internal tooling, not just scripts
  • Deep experience with AWS (or comparable cloud) and its native security services; comfortable operating in Kubernetes environments
  • You've built or significantly matured a detection engineering program: authored detections, managed rule lifecycles, measured coverage and precision
  • You think in terms of attacker tradecraft and can translate real-world intrusion patterns into detections that matter
  • Solid fundamentals in networking, infrastructure security, and identity/access management
  • You set priorities with risk and operational impact, not just coverage checklists

Nice To Haves

  • Bonus points if you've worked with LLMs or agent-based workflows to automate security operations, contributed to open-source security projects or published research, or built security programs at a startup where there was no playbook to follow.

Responsibilities

  • Detection Engineering: Stand up a detection pipeline across our highest-risk surfaces: AWS, Kubernetes, Okta, endpoints, and SaaS tools.
  • Author environment-tuned detections with a full rule lifecycle that produces high-signal alerting the on-call team actually trusts.
  • Incident Response: Build the IR program end-to-end: playbooks, escalation paths, evidence collection, post-mortems.
  • Procedures that are documented, rehearsed, and satisfy both operational and HIPAA needs.
  • Security Tooling & Automation: Evaluate, deploy, and integrate the core D&R stack (SIEM, EDR, SOAR, cloud-native services).
  • Build internal tooling and automation that reduces response time and toil.
  • Use LLMs where they genuinely accelerate detection, triage, or investigation.
  • Agent Security: Detect and respond to threats unique to clinical AI systems and agentic workflows: abnormal tool access, credential abuse, data exfiltration, and novel attack patterns that don't show up in traditional threat models.

Benefits

  • Comprehensive medical, dental, and vision coverage for you and your dependents
  • 401(k) with a company match of up to 3% of base salary
  • A remote-friendly culture (with a San Francisco HQ) and full equipment provisioning to ensure you can work effectively from wherever you’re based.
  • Parental leave to support your family needs
  • Annual company-wide off-sites, team off-sites and regular team lunches and all-hands gatherings, with travel, lodging and meals covered
  • Flexible time off with no annual cap, company-wide holidays and an annual holiday shutdown from December 24–January 1 designed to support real rest and long-term sustainability.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume

What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Education Level

No Education Listed

Job Search Resources

Similar Threat Detection Engineer job opportunities

Threat Detection Engineer
TENEX.AI
TENEX.AI • Overland Park, KS11d • Onsite
Threat Detection Engineer
Ambience Healthcare
Ambience Healthcare • San Francisco, CA3d • $200,000 - $250,000 • Hybrid
Threat Detection Engineer
TENEX.AI
TENEX.AI • Sarasota, FL10d • Onsite
Principal Security Engineer, Threat Detection
Google
Google • Sunnyvale, CA3d • $307,000 - $427,000
Cyber Threat Detection Specialist
King & Spalding
King & Spalding • Atlanta, GA2d
🔥 New JobCyber Threat Detection Specialist
King & Spalding
King & Spalding • Atlanta, GA1d
Explore More Jobs

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service