Threat Detections Engineer II

<p>Have you ever had that green-light feeling? When you hit every green light and the day just feels like magic. CLEAR's mission is to create frictionless experiences where every day has that feeling. With more than 30+ million passionate members and hundreds of partners around the world, CLEAR’s identity platform is transforming the way people live, work, and travel. Whether it’s at the airport, stadium, or right on your phone, CLEAR connects you to the things that make you, you - unlocking easier, more secure, and more seamless experiences - making them all feel like magic.</p> <p>We’re looking for a thoughtful and driven Threat Detection Engineer II to help strengthen CLEAR’s cyber defense capabilities. In this role, you’ll turn threat insights into meaningful action by designing, building, and refining the detections that keep our systems secure. You’ll spend your time developing reliable, high-quality detection logic, tuning existing rules to reduce noise, and automating key parts of the detection lifecycle so our teams can respond faster and more effectively.</p> <p>You’ll partner closely with teammates across Automation, SIEM Logging, and Threat Intelligence, working together to expand visibility and stay ahead of emerging threats. The right candidate is curious, analytical, and comfortable rolling up their sleeves to solve complex problems. If you enjoy understanding how attackers operate and translating that knowledge into practical, scalable defenses, this is a great opportunity to make a direct impact in a fast-paced, collaborative environment.</p> <hr> <h4><em><strong>What you’ll do</strong></em></h4> <ul> <li>Design, implement, and tune custom detections that identify malicious or anomalous activity across a wide range of data sources.</li> <li>Translate threat intelligence, incident learnings, and emerging trends into high-impact detection logic.</li> <li>Partner closely with Threat Intelligence, Incident Response, Automation, and other security teams to operationalize new detections, refine response strategies, and improve overall signal fidelity.</li> <li>Continuously assess detection performance by analyzing false positives, coverage gaps, and visibility across critical assets.</li> <li>Support and expand automation efforts across the detection lifecycle—including development, validation, deployment, and routine maintenance.</li> <li>Document detection logic, workflows, and data sources clearly and consistently to support repeatability and scale.</li> <li>Map detection coverage to frameworks like MITRE ATT&amp;CK and contribute to reducing measurable gaps over time.</li> </ul> <h4><em><strong>What you’re great at:</strong></em></h4> <ul> <li>Building, tuning, and validating detections in SIEM or cloud-native environments, with a strong understanding of networking, identity, endpoint telemetry, and modern attack techniques.</li> <li>Spotting patterns across network, endpoint, identity, and cloud data—and using them to uncover meaningful signals in noisy environments.</li> <li>Writing clear, scalable detection logic using rule languages, scripting, automation frameworks, and Detection-as-Code practices (e.g., GitHub workflows).</li> <li>Collaborating across security functions and communicating effectively to align detection outcomes with broader defense and business objectives.</li> <li>Staying curious, adaptable, and detail-oriented in a fast-moving threat landscape—constantly testing small improvements in tooling, process, and automation to drive program maturity.</li> <li>Bringing hands-on experience with tools such as Google Chronicle, YARA/YARA-L, BigQuery, SOAR platforms, and scripting languages like Python.</li> <li>Drawing on 3–5 years of experience in security operations or detection engineering; familiarity with frameworks like MITRE ATT&amp;CK and Sigma; and leveraging relevant certifications (e.g., CISSP, Sec+) when helpful, though not required.</li> </ul> <h4><em><strong>How You'll be Rewarded:</strong></em></h4> <p><em>At CLEAR we help YOU move forward - because when you’re at your best, we’re at our best. You’ll work with talented team members who are motivated by our mission of making experiences safer and easier. In our offices, you’ll enjoy benefits like meals and snacks. We invest in your well-being and learning &amp; development with our stipend and reimbursement programs.</em></p> <p><em>We offer holistic total rewards, including comprehensive healthcare plans, family building benefits (fertility and adoption/surrogacy support), flexible time off, free OneMedical memberships for you and your dependents, and a 401(k) retirement plan with employer match.</em></p> <p><em>Salaries will vary depending on various factors which include, but are not limited to location, education, skills, experience and performance. CLEAR’s total compensation package for employees and other rewards may include Restricted Stock Units. The base salary range for this role is $130,000 - $150,000, depending on levels of skills and experience.</em></p> <p><em>CLEAR provides reasonable accommodation to qualified individuals with disabilities or protected needs. Please let us know if you require a reasonable accommodation to apply for a job or perform your job. Examples of reasonable accommodation include, but are not limited to, time off, extra breaks, making a change to the application process or work procedures, policy exceptions, providing documents in an alternative format, live captioning or using a sign language interpreter, or using specialized equipment.</em></p> <p><em>We are committed to a transparent and secure hiring process. All communications related to this role will come directly from a CLEAR employee through valid CLEAR channels (e.g., a valid @clearme.com email address or verified CLEAR LinkedIn profile). We encourage candidates to remain alert to job scams and to report any suspicious activity.</em></p> <p><span style="font-size: 10pt; color: rgb(255, 255, 255);"><span style="font-weight: 400;">#LI-Onsite</span></span></p> <p>&nbsp;</p>