Senior Security Engineer, Threat Detection & Response

True Anomaly

Long Beach
2d ago
Seniority
Senior

About the role

<div class="content-intro"><p class="ms-outlook-mobile-reference-message">Space is a warfighting domain. True Anomaly seeks those with the talent and ambition to build the technology that secures it.</p> <p class="ms-outlook-mobile-reference-message"><u>OUR MISSION</u></p> <p class="ms-outlook-mobile-reference-message">True Anomaly delivers decisive capabilities for space superiority. We build autonomous spacecraft, advanced payloads, mission software, and space-based interceptors — enabling the U.S. and its Allies to secure the space environment and counter threats from the ultimate high ground.</p> <p class="ms-outlook-mobile-reference-message"><u>OUR VALUES</u></p> <ul> <li class="ms-outlook-mobile-reference-message"><strong>Be the offset.</strong><span class="Apple-converted-space">&nbsp;</span>We create asymmetric advantages with creativity and ingenuity.</li> <li class="ms-outlook-mobile-reference-message"><strong>What would it take?</strong>&nbsp;We challenge assumptions to deliver ambitious results.</li> <li class="ms-outlook-mobile-reference-message"><strong>It’s the people.</strong>&nbsp;Our team is our competitive advantage and we are better together.</li> </ul></div><p></p> <h2 id="SeniorSecurityEngineer,ThreatDetection&amp;Response-YOURMISSION"><u>YOUR MISSION</u></h2> <p class="font-claude-response-body break-words whitespace-normal">As a Senior Security Engineer on the Threat Detection &amp; Response team, you will lead complex incident investigations, mature our insider risk program, and serve as a trusted partner to engineering, legal, executive leadership, and external stakeholders during high-stakes security events.</p> <p class="font-claude-response-body break-words whitespace-normal">You'll lead end-to-end response for the most sensitive security incidents, build and scale our insider risk monitoring capabilities, and translate complex technical findings into actionable insights for both technical teams and C-suite stakeholders. 
You'll set the bar for investigative diligence, evidence handling, and cross-functional coordination during high-stakes situations.</p> <p class="font-claude-response-body break-words whitespace-normal">This role is a great fit for a seasoned investigator and incident responder who thrives in high-pressure environments, has deep experience navigating multi-stakeholder investigations, and wants to make a tangible impact on a growing security program.</p> <p class="font-claude-response-body break-words whitespace-normal">This position requires the ability to obtain and maintain a security clearance.</p> <h2 id="SeniorSecurityEngineer,ThreatDetection&amp;Response-Responsibilities">Responsibilities</h2> <ul> <li class="font-claude-response-body whitespace-normal break-words pl-2" data-uuid="faf0eccd-d544-4844-8196-9a430ba189c9">Lead end-to-end incident response for complex, high-severity security events, including technical investigation, containment, eradication, recovery, and executive-level reporting</li> <li class="font-claude-response-body whitespace-normal break-words pl-2" data-uuid="7606396d-5690-4abe-9f27-179cfc203164">Build and mature True Anomaly's insider risk monitoring program, including detection strategy, investigative playbooks, and cross-functional escalation paths</li> <li class="font-claude-response-body whitespace-normal break-words pl-2" data-uuid="c08992df-29b1-41d0-bebd-4d667bb3b902">Serve as the principal technical liaison between the security team and partner organizations (IT, Engineering, Legal, HR, Compliance, and external government partners), translating complex technical findings for non-technical decision-makers</li> <li class="font-claude-response-body whitespace-normal break-words pl-2" data-uuid="da5ef7b1-f9b8-4820-98f8-57446c890780">Perform evidence collection, digital forensics, and malware triage activities; ensure investigative findings are documented to a standard suitable for legal, regulatory, and law enforcement use</li> <li 
class="font-claude-response-body whitespace-normal break-words pl-2" data-uuid="f7894f90-abc9-416e-98ec-e2e1380d3bc3">Develop and operationalize incident response plans, playbooks, and SOPs that scale with team growth and mission complexity</li> <li class="font-claude-response-body whitespace-normal break-words pl-2" data-uuid="65c09064-705d-4e34-9884-27928dea4022">Design and tune detections across corporate, cloud, and mission environments, leveraging frameworks like MITRE ATT&amp;CK</li> <li class="font-claude-response-body whitespace-normal break-words pl-2" data-uuid="f87fa743-f7d2-4a6b-893b-bf680752df87">Proactively hunt for threats, including insider threats, and leverage threat intelligence to anticipate emerging adversary TTPs</li> <li class="font-claude-response-body whitespace-normal break-words pl-2" data-uuid="d805e0a0-216d-46cb-b816-cfff2028a02c">Administer and optimize EDR,&nbsp;<span class="terms-mark terms-term-selector">SIEM</span>, and SOAR platforms; build automation to improve investigative efficiency</li> <li class="font-claude-response-body whitespace-normal break-words pl-2" data-uuid="6911dda9-50f9-42bc-b15f-98e7a6075062">Brief executive leadership on active incidents, threat landscape, and program maturity in clear business terms</li> <li class="font-claude-response-body whitespace-normal break-words pl-2" data-uuid="f66d8767-59fb-4633-a0d2-bf2cabac81a1">Mentor junior detection and response engineers and contribute to hiring as the team grows</li> </ul> <h2 id="SeniorSecurityEngineer,ThreatDetection&amp;Response-Qualifications">Qualifications</h2> <p>A good candidate will have:</p> <ul> <li class="font-claude-response-body whitespace-normal break-words pl-2" data-uuid="c46b63df-6d4d-4290-9012-8d6b47b0d6d3">4+ years of experience in cybersecurity, with significant time spent leading incident response, complex investigations, threat hunting, or detection engineering</li> <li class="font-claude-response-body whitespace-normal break-words pl-2" 
data-uuid="d705245b-a769-48dc-b981-b4dfcf9ba209">Demonstrated experience leading multi-stakeholder investigations end-to-end, from initial triage through executive reporting and post-incident review</li> <li class="font-claude-response-body whitespace-normal break-words pl-2" data-uuid="6c65a02b-69e7-4060-8b63-4c09cbdbe708">Hands-on experience with digital forensics, malware triage, and evidence handling in environments where investigative rigor matters</li> <li class="font-claude-response-body whitespace-normal break-words pl-2" data-uuid="822ab7d0-e191-444f-bd05-e6c2e6109c52">Experience building or contributing to an insider risk or insider threat monitoring program</li> <li class="font-claude-response-body whitespace-normal break-words pl-2" data-uuid="9b4eb0af-4359-4809-a7ae-2ae8f1c23fb3">Strong working knowledge of EDR platforms,&nbsp;<span class="terms-mark terms-term-selector">SIEM</span>&nbsp;platforms (e.g., Splunk, Elastic, or similar), and SOAR tooling</li> <li class="font-claude-response-body whitespace-normal break-words pl-2" data-uuid="b20f05b3-7cbf-4412-b5b7-18b5bfd1acf4">Working knowledge of Windows, MacOS, and Linux endpoint security and common attack techniques</li> <li class="font-claude-response-body whitespace-normal break-words pl-2" data-uuid="2a0c2cc4-1b75-4d69-9b04-cc730f48ef2e">Solid understanding of attack vectors, adversary TTPs, and security frameworks such as MITRE ATT&amp;CK and the Cyber Kill Chain</li> <li class="font-claude-response-body whitespace-normal break-words pl-2" data-uuid="3dde9ba4-9b46-4aaa-9d8b-b846d3c9e2e7">Experience with scripting (e.g. 
Python, PowerShell, or Bash) for automation, enrichment, or analysis tasks</li> <li class="font-claude-response-body whitespace-normal break-words pl-2" data-uuid="b7c6de20-d9bf-40e3-b2f0-32c099aa9085">Proven ability to brief executives and translate technical risk into business language</li> <li class="font-claude-response-body whitespace-normal break-words pl-2" data-uuid="759c811d-ef99-4321-8cb4-f1966a7c9725">Clear verbal and written communication skills, with experience producing intelligence reports, investigative findings, or executive briefings</li> </ul> <h2 id="SeniorSecurityEngineer,ThreatDetection&amp;Response-PreferredQualifications">Preferred Qualifications</h2> <p>An ideal candidate will also have:</p> <ul> <li data-uuid="7336dc15-e53c-4e33-80cb-6c4bae033117">Active TS/SCI security clearance or ability to obtain and maintain a security clearance</li> <li data-uuid="b6a1ddcb-e825-40f8-9443-025253b249ec">Knowledge of digital forensics and malware analysis techniques</li> <li data-uuid="d8e42911-b5d1-4657-b7c3-a0f00ab61cc7">Experience building or significantly maturing a detection and response program</li> <li data-uuid="21008e07-02dc-49e6-95f4-aede8e38156d">Experience working in Azure Government Cloud (Azure GovCloud) environments</li> <li data-uuid="309f12d9-ad49-4647-8276-37ea4653cd7d">Experience with cloud security monitoring in AWS, GCP, or Azure commercial environments</li> <li data-uuid="d3883a8d-9c99-4b6e-b668-bab80baf5b99">Familiarity with CMMC, FedRAMP, NIST 800-53, or other federal compliance frameworks</li> <li data-uuid="fa81cb33-cd9e-43fb-b160-cde4a81ea74c">Experience with Detections-as-Code, CI/CD, etc</li> <li data-uuid="7fbe46ce-d23b-47a0-81e6-097bc1106c0f">Experience participating in or supporting red team/purple team exercises</li> </ul> <h2 id="SeniorSecurityEngineer,ThreatDetection&amp;Response-WorkEnvironment">Work Environment</h2> <ul> <li data-uuid="ca4c6a04-3e11-4e38-ae85-a063a35fa413">This role operates in a fast-paced, 
high-stakes environment where rapid decision-making and adaptability are essential</li> <li data-uuid="ca4c6a04-3e11-4e38-ae85-a063a35fa413">Onsite work is required in our Denver or Long Beach offices</li> <li data-uuid="8f577af2-22a0-4f35-9ee5-9f3457f345f5">On-call rotation participation, including after-hours participation, is required for incident response coverage</li> <li data-uuid="6205eb89-d65b-48db-a3e6-edbb5d4d80aa">Must be comfortable working under pressure during active security incidents</li> <li data-uuid="8a65cd92-8134-4e11-9ee6-7e8d98e663c3">High degree of autonomy and ownership</li> <li data-uuid="2cdaa5d6-36fa-4918-b057-223d3ccb638e">Direct access to leadership and opportunity to influence security strategy</li> </ul> <h2 id="SeniorSecurityEngineer,ThreatDetection&amp;Response-WhatWeOffer">What We Offer</h2> <ul> <li data-uuid="bf7357e5-3f34-48e9-9a6b-1d8796a2e5eb">Competitive salary</li> <li data-uuid="ae01eead-0325-4c6e-bdf4-8ac12bf3cf60">Opportunity to work on challenging, mission-critical security initiatives</li> <li data-uuid="c1024dfe-b93a-4470-9292-ee52a668dd97">Professional development and certification support</li> <li data-uuid="59720a5a-8277-4f14-bed1-618f9e0b4941">Collaborative culture with experienced security professionals</li> </ul> <p><strong>COMPENSATION</strong></p> <ul> <li><strong>Base Salary: </strong>Denver - $145,000 - $230,000, Long Beach - $150,000 - $240,000</li> <li><strong>Equity + Benefits</strong> including Health, Dental, Vision, HRA/HSA options, PTO and paid holidays, 401K, Parental Leave&nbsp;</li> </ul> <p><em>Your actual level and base salary will be&nbsp;determined on a case-by-case basis and may vary based on the following considerations</em></p> <p><span class="TextRun SCXW267002851 BCX0"><span class="NormalTextRun SCXW267002851 BCX0">This position will be 
open until it is successfully filled. To&nbsp;</span><span class="NormalTextRun SCXW267002851 BCX0">submit</span><span class="NormalTextRun SCXW267002851 BCX0"> your application, please follow the directions below. #LI-Onsite</span></span></p> <p><em>To conform to U.S. Government space technology export regulations, including the International Traffic in Arms Regulations (ITAR), you must be a U.S. citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C. 1324b(a)(3), or eligible to obtain the required authorizations from the U.S. Department of State.</em></p> <p></p><div class="content-conclusion"><p>True Anomaly is committed to equal employment opportunity on any basis protected by applicable state and federal laws. If you have a disability or additional need that requires accommodation, please do not hesitate to let us know.</p></div>

Perks & benefits

  • 401k
  • Paid Time Off
  • Equity Compensation
