Senior Security Engineer, Threat Detection & Response

True Anomaly

$150K — $240K *
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • 4+ years in cybersecurity, focusing on incident response and complex investigations
  • Proven experience managing multi-stakeholder investigations from triage to reporting
  • Hands-on digital forensics and malware triage experience
  • Background in developing insider risk monitoring programs
  • Strong knowledge of EDR and SIEM platforms
  • Familiar with Windows, macOS, and Linux security
  • Scripting experience in Python, PowerShell, or Bash for automation tasks

Responsibilities

  • Lead complex incident response for high-severity security events
  • Develop and mature insider risk monitoring capabilities
  • Serve as technical liaison across multiple teams and stakeholders
  • Conduct evidence collection and ensure legal documentation standards
  • Create and operationalize incident response plans and SOPs
  • Design detections using frameworks like MITRE ATT&CK
  • Proactively hunt for insider and external threats

Benefits

  • Professional development and certification support
  • Collaborative culture with experienced security professionals
  • Health, Dental, Vision, HRA/HSA options
  • Paid time off and holidays
  • 401K and Parental Leave

Full Job Description

As a Senior Security Engineer on the Threat Detection & Response team, you will lead complex incident investigations, mature our insider risk program, and serve as a trusted partner to engineering, legal, executive leadership, and external stakeholders during high-stakes security events.

You'll lead end-to-end response for the most sensitive security incidents, build and scale our insider risk monitoring capabilities, and translate complex technical findings into actionable insights for both technical teams and C-suite stakeholders. You'll set the bar for investigative diligence, evidence handling, and cross-functional coordination during high-stakes situations.

This role is a great fit for a seasoned investigator and incident responder who thrives in high-pressure environments, has deep experience navigating multi-stakeholder investigations, and wants to make a tangible impact on a growing security program.

This position requires the ability to obtain and maintain a security clearance.

Responsibilities

  • Lead end-to-end incident response for complex, high-severity security events, including technical investigation, containment, eradication, recovery, and executive-level reporting
  • Build and mature True Anomaly's insider risk monitoring program, including detection strategy, investigative playbooks, and cross-functional escalation paths
  • Serve as the principal technical liaison between the security team and partner organizations (IT, Engineering, Legal, HR, Compliance, and external government partners), translating complex technical findings for non-technical decision-makers
  • Perform evidence collection, digital forensics, and malware triage activities; ensure investigative findings are documented to a standard suitable for legal, regulatory, and law enforcement use
  • Develop and operationalize incident response plans, playbooks, and SOPs that scale with team growth and mission complexity
  • Design and tune detections across corporate, cloud, and mission environments, leveraging frameworks like MITRE ATT&CK
  • Proactively hunt for threats, including insider threats, and leverage threat intelligence to anticipate emerging adversary TTPs
  • Administer and optimize EDR, SIEM, and SOAR platforms; build automation to improve investigative efficiency
  • Brief executive leadership on active incidents, threat landscape, and program maturity in clear business terms
  • Mentor junior detection and response engineers and contribute to hiring as the team grows

Qualifications

A good candidate will have:
  • 4+ years of experience in cybersecurity, with significant time spent leading incident response, complex investigations, threat hunting, or detection engineering
  • Demonstrated experience leading multi-stakeholder investigations end-to-end, from initial triage through executive reporting and post-incident review
  • Hands-on experience with digital forensics, malware triage, and evidence handling in environments where investigative rigor matters
  • Experience building or contributing to an insider risk or insider threat monitoring program
  • Strong working knowledge of EDR platforms, SIEM platforms (e.g., Splunk, Elastic, or similar), and SOAR tooling
  • Working knowledge of Windows, macOS, and Linux endpoint security and common attack techniques
  • Solid understanding of attack vectors, adversary TTPs, and security frameworks such as MITRE ATT&CK and the Cyber Kill Chain
  • Experience with scripting (e.g., Python, PowerShell, or Bash) for automation, enrichment, or analysis tasks
  • Proven ability to brief executives and translate technical risk into business language
  • Clear verbal and written communication skills, with experience producing intelligence reports, investigative findings, or executive briefings

Preferred Qualifications

An ideal candidate will also have:
  • Active TS/SCI security clearance or ability to obtain and maintain a security clearance
  • Knowledge of digital forensics and malware analysis techniques
  • Experience building or significantly maturing a detection and response program
  • Experience working in Azure Government Cloud (Azure GovCloud) environments
  • Experience with cloud security monitoring in AWS, GCP, or Azure commercial environments
  • Familiarity with CMMC, FedRAMP, NIST 800-53, or other federal compliance frameworks
  • Experience with Detections-as-Code, CI/CD, etc.
  • Experience participating in or supporting red team/purple team exercises

Work Environment

  • This role operates in a fast-paced, high-stakes environment where rapid decision-making and adaptability are essential
  • Onsite work is required in our Denver or Long Beach offices
  • On-call rotation participation, including after-hours participation, is required for incident response coverage
  • Must be comfortable working under pressure during active security incidents
  • High degree of autonomy and ownership
  • Direct access to leadership and opportunity to influence security strategy

What We Offer

  • Competitive salary
  • Opportunity to work on challenging, mission-critical security initiatives
  • Professional development and certification support
  • Collaborative culture with experienced security professionals

  • Equity + Benefits including Health, Dental, Vision, HRA/HSA options, PTO and paid holidays, 401K, Parental Leave

COMPENSATION

  • Base Salary: Denver - $145,000 - $230,000, Long Beach - $150,000 - $240,000

Your actual level and base salary will be determined on a case-by-case basis and may vary based on the following considerations

This position will be open until it is successfully filled. To submit your application, please follow the directions below.

To conform to U.S. Government space technology export regulations, including the International Traffic in Arms Regulations (ITAR), you must be a U.S. citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C. 1324b(a)(3), or eligible to obtain the required authorizations from the U.S. Department of State.
