Senior Security Engineer, Threat Detection and Response

A new space race has begun. True Anomaly seeks those with the talent and ambition to build innovative technology that solves the next generation of engineering, manufacturing, and operational challenges for space security and sustainability.

OUR MISSION

The peaceful use of space is essential for continued prosperity on Earth-from communications and finance to navigation and logistics. True Anomaly builds innovative technology at the intersection of spacecraft, software, and AI to enhance the capabilities of the U.S., its allies, and commercial partners. We safeguard global security by ensuring space access and sustainability for all.

OUR VALUES

• Be the offset. We create asymmetric advantages with creativity and ingenuity
• What would it take? We challenge assumptions to deliver ambitious results
• It's the people. Our team is our competitive advantage and we are better together

YOUR MISSION

As a Senior Threat Detection & Response Engineer, you will be a founding member of our threat detection and response function. This is a unique opportunity to shape the future of Threat Detection & Response - defining strategy, selecting and iterating on tooling, establishing processes, and shaping the future of security operations at our company.

In this role, you will have significant autonomy to design and implement detection capabilities, improve incident response procedures, and create the foundation for a world-class security program. You will be joining a fast-paced, challenging environment where your decisions and expertise will have direct, lasting impact on our security posture.

This is an ideal role for a self-starter who thrives on ownership, wants to leave their mark on an organization, and is energized by the opportunity to solve challenging problems and build something meaningful.

This position requires a minimum Secret clearance with strong preference for active TS/SCI clearance or the ability to obtain and maintain TS/SCI.

RESPONSIBILITIES

• Develop incident response plans, playbooks, and SOPs; build scalable processes to support future team growth
• Design and implement custom security detections across corporate and cloud environments, leveraging frameworks like MITRE ATT&CK
• Continuously tune detection rules and develop threat models to improve fidelity and address coverage gaps
• Monitor, triage, and respond to security alerts across multiple platforms and data sources
• Lead incident investigations through technical analysis, containment, eradication, and recovery; document findings and lessons learned
• Proactively hunt for threats and leverage threat intelligence to anticipate emerging adversary TTPs
• Administer and optimize CrowdStrike Falcon and SIEM platforms; integrate log sources to enhance visibility and correlation
• Build automation and orchestration workflows to improve response efficiency
• Partner with cross-functional teams (IT, Engineering, Legal, Compliance) and communicate technical findings to diverse stakeholders

QUALIFICATIONS

• 6+ years of hands-on experience in security operations, detection engineering, incident response, or threat hunting
• Proven experience building and deploying custom security detections in enterprise environments
• Strong experience with CrowdStrike Falcon platform, including detection tuning, alert triage, and response actions
• Strong experience across Windows, MacOS, and Linux endpoint security, including understanding of OS internals, attack techniques, and defensive measures
• Proficiency with SIEM platforms and log analysis (e.g., Splunk, Elastic, Falcon NG-SIEM, or similar)
• Strong understanding of common attack vectors, TTPs, and security frameworks (MITRE ATT&CK, NIST, Cyber Kill Chain)
• Functional proficiency in at least one scripting language (Python, PowerShell, Bash) for automation and analysis
• Excellent verbal and written communication skills
• This position requires a minimum Secret clearance

PREFERRED SKILLS AND EXPERIENCE

• Active TS/SCI security clearance or ability to obtain and maintain a security clearance
• Experience building or significantly maturing a detection and response program
• Experience working in Azure Government Cloud (Azure GovCloud) environments
• Experience with cloud security monitoring in AWS, GCP, or Azure commercial environments
• Familiarity with CMMC, FedRAMP, NIST 800-53, or other federal compliance frameworks
• Knowledge of digital forensics and malware analysis techniques
• Experience with Detections-as-Code paradigms, GitOps, CI/CD, etc
• Experience participating in or supporting red team/purple team exercises

WORK ENVIRONMENT

• This role operates in a fast-paced, high-stakes environment where rapid decision-making and adaptability are essential
• On-call rotation participation, including after-hours participation, is required for incident response coverage
• Must be comfortable working under pressure during active security incidents
• High degree of autonomy and ownership as the founding member of this function
• Direct access to leadership and opportunity to influence security strategy

COMPENSATION

• Colorado Base Salary: $155,000-$215,000
• California Base Salary: $160,000-$225,000
• Equity + Benefits including Health, Dental, Vision, HRA/HSA options, PTO and paid holidays, 401K, Parental Leave

Your actual level and base salary will be determined on a case-by-case basis and may vary based on the following considerations: job-related knowledge and skills, education, location, and experience.

ADDITIONAL REQUIREMENTS

• Work Location-while we observe a hybrid work environment, you will need to be onsite as the business needs require. On an average week, you can expect to spend at least 3 days per week in office.
• Work environment-the work environment; temperature, noise level, inside or outside, or other factors that will affect the person's working conditions while performing the job.
• Physical demands-the physical demands of the job, including bending, sitting, lifting and driving.

This position will be open until it is successfully filled. To submit your application, please follow the directions below. #LI-Hybrid

To conform to U.S. Government space technology export regulations, including the International Traffic in Arms Regulations (ITAR) you must be a U.S. citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C. 1324b(a)(3), or eligible to obtain the required authorizations from the U.S. Department of State.

True Anomaly is committed to equal employment opportunity on any basis protected by applicable state and federal laws. If you have a disability or additional need that requires accommodation, please do not hesitate to let us.