Ambience Healthcare is hiring its first dedicated Threat Detection Engineer. You will build the detection engineering and incident response program from the ground up in a HIPAA-regulated, AI-first environment. This role involves writing production code, architecting security data pipelines, and defining the program to defend a novel and rapidly evolving attack surface involving LLM-powered agents.
What You'll Do
- Stand up a detection pipeline across highest-risk surfaces: AWS, Kubernetes, Okta, endpoints, and SaaS tools.
- Author environment-tuned detections with a full rule lifecycle that produces high-signal alerting.
- Build the incident response program end-to-end, including playbooks, escalation paths, evidence collection, and post-mortems.
- Evaluate, deploy, and integrate the core detection and response stack (SIEM, EDR, SOAR, cloud-native services).
- Build internal tooling and automation that reduces response time and operational toil.
- Use LLMs where they genuinely accelerate detection, triage, or investigation.
- Detect and respond to threats unique to clinical AI systems and agentic workflows.
What We're Looking For
- 5+ years in detection engineering, incident response, or a closely related security engineering role.
- Strong programming skills in Python, Go, or Rust, with experience shipping production code and internal tooling.
- Deep experience with AWS (or comparable cloud) and its native security services.
- Comfortable operating in Kubernetes environments.
- Experience building or significantly maturing a detection engineering program: authoring detections, managing rule lifecycles, and measuring coverage and precision.
- Ability to think in terms of attacker tradecraft and translate real-world intrusion patterns into relevant detections.
- Solid fundamentals in networking, infrastructure security, and identity/access management.
- A mindset that sets priorities based on risk and operational impact, not just coverage checklists.
Nice to Have
- Experience working with LLMs or agent-based workflows to automate security operations.
- Contributions to open-source security projects or published research.
- Experience building security programs at a startup where there was no established playbook to follow.
Technical Stack
- AWS, Kubernetes, Okta, Python, Go, Rust, SIEM, EDR, SOAR
Team & Environment
You will be the first dedicated detection and response hire, building the function from scratch on a small team. You'll have direct access to leadership.
Benefits & Compensation
- Salary range: $200,000–$250,000 per year + meaningful equity.
- Comprehensive medical, dental, and vision coverage for you and your dependents.
- 401(k) with a company match of up to 3% of base salary.
- Parental leave to support your family needs.
- Annual company-wide off-sites, team off-sites, regular team lunches and all-hands gatherings.
- Flexible time off with no annual cap, company-wide holidays, and an annual holiday shutdown from December 24–January 1.
Work Mode
This is a hybrid role based in the San Francisco area, with a remote-friendly culture (HQ in San Francisco) and full equipment provisioning.
Ambience Healthcare is an equal opportunity employer committed to building a diverse and inclusive workplace and does not discriminate on the basis of race, color, religion, sex, gender identity or expression, sexual orientation, national origin, age, disability, veteran status, genetic information, or any other legally protected status.
