Threat Detection & Response Engineer III

YOUR MISSION

As a Threat Detection & Response Engineer III, you will be an integral part of our threat detection and response function, helping build and mature the detection capabilities, response processes, and security tooling that underpin our security operations program.

You'll design and implement detection capabilities, sharpen our incident response procedures, and contribute to the foundation of a world-class security program. Expect a fast-paced environment where your work carries real weight and directly influences our security posture.

This role is a great fit for someone who takes initiative, enjoys digging into hard problems, and wants to make a tangible impact on a growing security program.

This position requires the ability to obtain and maintain a security clearance.

Responsibilities

• Develop incident response plans, playbooks, and SOPs; build scalable processes to support future team growth
• Design and implement custom security detections across corporate and cloud environments, leveraging frameworks like MITRE ATT&CK
• Continuously tune detection rules and develop threat models to improve fidelity and address coverage gaps
• Monitor, triage, and respond to security alerts across multiple platforms and data sources
• Perform incident investigations through technical analysis, containment, eradication, and recovery; document findings and lessons learned
• Proactively hunt for threats and leverage threat intelligence to anticipate emerging adversary TTPs
• Administer and optimize EDR and SIEM platforms; integrate log sources to enhance visibility and correlation
• Build automation and orchestration workflows to improve response efficiency
• Partner with cross-functional teams (IT, Engineering, Legal, Compliance) and communicate technical findings to diverse stakeholders

Qualifications

• 3+ years of experience in cybersecurity, with at least 2 years focused on security operations, detection engineering, incident response, or threat hunting
• Experience in building or tuning security detections
• Familiarity with risk-based alerting and alert tuning, including strategies to reduce noise, improve detection fidelity, and prioritize high-signal alerts
• Familiarity with EDR platforms, including basic alert triage and response actions
• Working knowledge of Windows, MacOS, or Linux endpoint security and common attack techniques
• Familiarity with SIEM platforms and log analysis (e.g., Splunk, Elastic, or similar)
• Basic understanding of common attack vectors, TTPs, and security frameworks such as MITRE ATT&CK and the Cyber Kill Chain
• Experience with scripting (Python, PowerShell, or Bash) for automation or analysis tasks
• Clear verbal and written communication skills

Preferred Qualifications

An ideal candidate will also have:

• Active TS/SCI security clearance or ability to obtain and maintain a security clearance
• Knowledge of digital forensics and malware analysis techniques
• Experience building or significantly maturing a detection and response program
• Experience working in Azure Government Cloud (Azure GovCloud) environments
• Experience with cloud security monitoring in AWS, GCP, or Azure commercial environments
• Familiarity with CMMC, FedRAMP, NIST 800-53, or other federal compliance frameworks
• Experience with Detections-as-Code paradigms, GitOps, CI/CD, etc
• Experience participating in or supporting red team/purple team exercises

Work Environment

• This role will be onsite in our Denver (Centennial), CO office or our Long Beach, CA office
• This role operates in a fast-paced, high-stakes environment where rapid decision-making and adaptability are essential
• On-call rotation participation, including after-hours participation, is required for incident response coverage
• Must be comfortable working under pressure during active security incidents
• High degree of autonomy and ownership
• Direct access to leadership and opportunity to influence security strategy
  

Compensation

• Base Salary: $115,000 to $165,000
• Equity + Benefits including Health, Dental, Vision, HRA/HSA options, PTO and paid holidays, 401K, Parental Leave 
• Your actual level and base salary will be determined on a case-by-case basis and may vary based on the following considerations: job-related knowledge and skills, education, location, and experience. 

What We Offer

• Competitive salary
• Opportunity to work on challenging, mission-critical security initiatives
• Professional development and certification support
• Collaborative culture with experienced security professionals

This position will be open until it is successfully filled. To submit your application, please follow the directions below.

To conform to U.S. Government space technology export regulations, including the International Traffic in Arms Regulations (ITAR) you must be a U.S. citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C. 1324b(a)(3), or eligible to obtain the required authorizations from the U.S. Department of State.

True Anomaly is committed to equal employment opportunity on any basis protected by applicable state and federal laws. If you have a disability or additional need that requires accommodation, please do not hesitate to let us.