# Threat Detection Engineer
**Company:** [Idme](https://hotfix.jobs/companies/idme)
**Location:** Mountain View, CA
**Salary:** $113K-$140K
**Experience:** 2+ years
**Skills:** Splunk, Elastic Stack, Google SecOps, Python, SQL, YARA-L, Sigma, Terraform, Git, MITRE ATT&CK, LLM APIs, RAG, Anomaly Detection, Snowflake
**Posted:** 2026-06-25
> Develop and optimize high-fidelity threat detections across SIEM/SOAR platforms using Python, SQL, and AI/ML techniques. Focus on LLM-assisted workflows, AI-specific threat detection, and infrastructure-as-code for scalable security operations.
## Job Description
## Key Responsibilities
- Design and implement detection logic across SIEM/SOAR platforms, including Splunk, Google Chronicle (SecOps), and Elastic/Logstash.
- Build scalable detection rules, analytics, and anomaly models to detect adversary TTPs aligned with MITRE ATT&CK.
- Develop and maintain detection-as-code using Python and YAML-based rule formats (e.g., Sigma, YARA-L, Kusto, or Lucene).
- Design and evaluate LLM-assisted detection and triage workflows, including prompt engineering for alert enrichment, summarization, and classification.
- Build and maintain AI-augmented detection pipelines: anomaly scoring, embedding-based similarity search, natural language parsing for phishing and social engineering detection, and LLM-based log analysis.
- Apply AI security literacy to identify and detect risks in AI-integrated environments, including prompt injection, model abuse, data exfiltration via LLMs, and shadow AI usage.
- Perform quality assurance and validation of alerts — including AI-generated signals — to minimize false positives and increase signal fidelity.
- Leverage Snowflake and SQL to normalize and query large datasets across multiple telemetry sources, including AI system logs and API call records.
- Contribute to infrastructure-as-code workflows for detection deployment (e.g., Terraform, GitOps pipelines).
- Collaborate with Threat Intelligence and IR teams to translate threat actor TTPs — including those targeting AI systems — into actionable detections.
- Participate in detection tuning, red/blue team exercises, and post-incident reviews, including adversarial testing of AI-assisted detection logic.
- Maintain availability for 24x7 on-call rotation and ensure timely response to security incidents during standard EST business hours.

## Required Qualifications
- 2-4 years in a security engineering or other relevant security operations role.
- Proficiency with Splunk, Elastic Stack, Google SecOps (Chronicle), and/or Logstash.
- Strong programming or scripting experience in Python and SQL.
- Working experience authoring detection logic using YARA-L, Sigma, or equivalent formats.
- Demonstrated AI literacy: hands-on experience using LLM APIs (e.g., OpenAI, Anthropic, Google Gemini) or AI/ML frameworks for security use cases, including prompt engineering, retrieval-augmented generation (RAG), or agentic workflows.
- Understanding of AI/ML concepts relevant to detection: anomaly detection, clustering, embedding models, LLM-based enrichment, and the limitations and failure modes of these approaches.
- Ability to assess and detect AI-specific threats: prompt injection, model inversion, training data poisoning, and LLM-facilitated social engineering.
- Experience working with cloud-scale security data and log management tools.
- Familiarity with MITRE ATT&CK, threat modeling, and behavioral-based detections.
- Knowledge of Infrastructure-as-Code (IaC) and version control systems (e.g., GitHub, Terraform, GitLab CI/CD).

## Preferred Qualifications
- Industry security certifications such as GCIA, GCIH, GCFA, Security+, or AI/ML security credentials.
- Experience with Google Cloud Platform (GCP) and Google Kubernetes Engine (GKE), including GKE security posture management, audit logging, and cloud-native workload monitoring.
- Experience building or operating SOAR integrations with LLM-assisted triage or response recommendations.
- Hands-on experience with agentic AI frameworks (e.g., LangChain, LlamaIndex, or custom tool-use pipelines) applied to security automation.
- Familiarity with Snowflake's Security Data Lake or cloud-native log pipelines, including telemetry from AI platforms (e.g., OpenAI API logs, Azure AI services).
- Exposure to red team/blue team collaboration, threat hunting, or adversary emulation frameworks, with emphasis on AI-enabled attack scenarios.
- Experience red-teaming or evaluating LLM-based systems for security weaknesses.
- Contributions to open-source detection or AI security tooling projects.

## Compensation & Benefits
- Comprehensive medical, dental, vision, health savings account, flexible spending accounts (medical, limited purpose, dependent care, commuter benefit accounts), basic and voluntary life and AD&D insurance, 401(k) with company match, parental leave, unlimited paid time off subject to the terms and conditions of the PTO policy, including 8 company wide holidays, short and long-term disability insurance, accident and critical illness insurance, referral bonus policy, employee assistance program, pet insurance, travel assistant program, wellbeing and childcare discounts, benefit advocates, and a learning and development benefit.
**Apply:** https://hotfix.jobs/jobs/threat-detection-engineer-at-idme-e83d0bae-9446-4fac-99f9-8a74df79079c
**Canonical:** https://hotfix.jobs/jobs/threat-detection-engineer-at-idme-e83d0bae-9446-4fac-99f9-8a74df79079c