Jobs · Information Technology · Virginia

Threat Detection Engineer – Security Operations

ID.me · McLean, VA · 2 wk ago
Information Technology$113k–$140k/yrFull-time

Key Responsibilities

  • Design and implement detection logic across SIEM/SOAR platforms, including Splunk, Google Chronicle (SecOps), and Elastic/Logstash.
  • Build scalable detection rules, analytics, and anomaly models to detect adversary TTPs aligned with MITRE ATT&CK.
  • Develop and maintain detection-as-code using Python and YAML-based rule formats (e.g., Sigma, YARA-L, Kusto, or Lucene).
  • Design and evaluate LLM-assisted detection and triage workflows, including prompt engineering for alert enrichment, summarization, and classification.
  • Build and maintain AI-augmented detection pipelines: anomaly scoring, embedding-based similarity search, natural language parsing for phishing and social engineering detection, and LLM-based log analysis.
  • Apply AI security literacy to identify and detect risks in AI-integrated environments, including prompt injection, model abuse, data exfiltration via LLMs, and shadow AI usage.
  • Perform quality assurance and validation of alerts — including AI-generated signals — to minimize false positives and increase signal fidelity.
  • Leverage Snowflake and SQL to normalize and query large datasets across multiple telemetry sources, including AI system logs and API call records.
  • Contribute to infrastructure-as-code workflows for detection deployment (e.g., Terraform, GitOps pipelines).
  • Collaborate with Threat Intelligence and IR teams to translate threat actor TTPs — including those targeting AI systems — into actionable detections.
  • Participate in detection tuning, red/blue team exercises, and post-incident reviews, including adversarial testing of AI-assisted detection logic.
  • Maintain availability for 24x7 on-call rotation and ensure timely response to security incidents during standard EST business hours.

Required Qualifications

  • 2-4 years in a security engineering or other relevant security operations role.
  • Proficiency with Splunk, Elastic Stack, Google SecOps (Chronicle), and/or Logstash.
  • Strong programming or scripting experience in Python and SQL.
  • Working experience authoring detection logic using YARA-L, Sigma, or equivalent formats.
  • Demonstrated AI literacy: hands-on experience using LLM APIs (e.g., OpenAI, Anthropic, Google Gemini) or AI/ML frameworks for security use cases, including prompt engineering, retrieval-augmented generation (RAG), or agentic workflows.
  • Understanding of AI/ML concepts relevant to detection: anomaly detection, clustering, embedding models, LLM-based enrichment, and the limitations and failure modes of these approaches.
  • Ability to assess and detect AI-specific threats: prompt injection, model inversion, training data poisoning, and LLM-facilitated social engineering.
  • Experience working with cloud-scale security data and log management tools.
  • Familiarity with MITRE ATT&CK, threat modeling, and behavioral-based detections.
  • Knowledge of Infrastructure-as-Code (IaC) and version control systems (e.g., GitHub, Terraform, GitLab CI/CD).

Preferred Qualifications

  • Industry security certifications such as GCIA, GCIH, GCFA, Security+, or AI/ML security credentials.
  • Experience with Google Cloud Platform (GCP) and Google Kubernetes Engine (GKE), including GKE security posture management, audit logging, and cloud-native workload monitoring.
  • Experience building or operating SOAR integrations with LLM-assisted triage or response recommendations.
  • Hands-on experience with agentic AI frameworks (e.g., LangChain, LlamaIndex, or custom tool-use pipelines) applied to security automation.
  • Familiarity with Snowflake's Security Data Lake or cloud-native log pipelines, including telemetry from AI platforms (e.g., OpenAI API logs, Azure AI services).
  • Exposure to red team/blue team collaboration, threat hunting, or adversary emulation frameworks, with emphasis on AI-enabled attack scenarios.
  • Experience red-teaming or evaluating LLM-based systems for security weaknesses.
  • Contributions to open-source detection or AI security tooling projects.

Similar jobs