<div><img src="https://mc.yandex.ru/watch/71228401" style="position:absolute; left:-9999px;" alt="" /></div>
Use AI search

Purpose of Job

We are currently seeking a talented Cloud Threat Detections Engineer I that will investigate, analyze, and responds to security anomalies and events (e.g. suspicious behavior, attacks, and security breaches) within USAA’s environments using a variety of cyber defense tools to detect and respond to threats. Conducts vulnerability, security configuration, and/or penetration testing assessments of systems and networks. Identifies cyber threats, analyzes operational impacts, and communicates to appropriate stakeholders. Stays current with latest information security threats, exploits, trends, and intelligence.

This role can work in a 100% Remote Work Environment or at one of our many locations across the US such as: San Antonio, Plano, Phoenix, Colorado, and Tampa.

The USAA Cyber Threat Operations Center is USAA’s equivalent to a Security Operations Center (SOC). The CTOC exists to detect, analyze, and respond to cyber security events. It is comprised of several teams, all reporting to the AVP of Information Security Engineering & Cybersecurity. These teams are individual units that partner as needed to provide centralized and coordinated incident response activities.

The Cyber Capabilities Team (CCT) identifies, develops, and deploys custom threat detection and data analytics solutions to monitor USAA systems, users, and network, conducts Red Team operations, and manages custom CTOC infrastructure.

Job Requirements

About USAA

USAA knows what it means to serve. We facilitate the financial security of millions of U.S. military members and their families. This singular mission requires a dedication to innovative thinking at every level.

USAA Careers – World Class Benefits (31 seconds)


Our most important qualification isn't technical, it's human. Here, we don't just sit in front of a screen. We stand behind our 12 million members who rely on us every day.

We are over 5,000 employees strong, a passionately supportive and collaborative team built on agile principles. We've been a top-two Computerworld 100 Best Places to Work in IT five years in a row and were recently named a Top 50 Employer for Minority Engineers & IT by Workforce Diversity Magazine.

See what it's like to work for a company where your passion meets our purpose:

USAA Information Technology: A Realistic Preview


  • Researches and analyzes the latest information security vulnerabilities, threats, exploits, trends, and intelligence.

  • Conducts routine vulnerability management, security configuration assessments, and/or penetration testing operations and manages the resulting findings.

  • Monitors internal and external networks, systems, and applications for security anomalies and events (e.g. suspicious behavior, attacks, and security breaches).  Responds to cyber incidents, performing detailed analysis using complex security tools to determine root cause. Must use a broad range of demonstrated experience (e.g. forensics, networking, servers, coding, etc.) to determine a malicious actor's tactics, techniques, and procedures.

  • Uses the discoveries from the incident response process to make moderately complex improvements to the existing detection capabilities and security controls.

  • Prepares written briefs with recommendations to leadership on latest threats, alerts, and incidents.

  • Work is completed independently. Serves as a resource to team members on escalated issues of an unusual nature.

  • Identifies and manages existing and emerging risks that stem from business activities and ensures risks associated with business activities are effectively identified, measured, monitored, and controlled.

  • Follows written risk and compliance policies and procedures for business activities.


  • Bachelor’s Degree, OR, 4 additional years of related experience beyond the minimum required may be substituted in lieu of a degree.

  • 4 or more years of related experience in Information Security, Cybersecurity and/or Information Technology to include accountability for complex tasks and/or projects.

  • 2 or more years of related experience in Incident Response, Information Assurance, Forensics and/or Cyber Intelligence

  • Proficient level of business acumen in the areas of business operations, risk management, industry practices and emerging trends.

When you apply for this position, you will be required to answer some initial questions.  This will take approximately 5 minutes.  Once you begin the questions you will not be able to finish them at a later time and you will not be able to change your responses.


  • Familiar with AWS cloud native technologies and adoption/migration patterns

  • Experience developing and maintaining documentation for cloud security systems, procedures, baselines, and best practices

  • Familiar with cloud security models and DevOps technologies for automation (such as Ansible, Salt, Puppet, Chef, etc.) and code version control

  • Experience with containers and container orchestration platforms like Kubernetes

  • Experience working with platform engineers on security best practices in Infrastructure as Code, cloud design patterns, and CI/CD with built in application security controls

  • Experience implementing security architecture, methods, and controls required to meet security, compliance, and audit requirements

  • Familiarity with Enterprise logging technologies such as ELK stack

  • Experience with Endpoint Detection and Response agents or concepts

  • Experience with Windows and Linux operating systems including command line usage

  • Experience with Python, PowerShell or Golang

  • Experience with manipulating/parsing structured data such as JSON/XML and unstructured data

  • Familiar with integrating rest APIs

  • Knowledge of Behavioral-Based signature/IOC development and tools (YARA, STIX, EQL)

The above description reflects the details considered necessary to describe the principal functions of the job and should not be construed as a detailed description of all the work requirements that may be performed in the job.


USAA has an effective process for assessing market data and establishing ranges to ensure we remain competitive. You are paid within the salary range based on your experience and market position. The salary range for this position is: $88,200 - $158,900* (this does not include geographic differential it may be applied based on your work location)

Employees may be eligible for pay incentives based on overall corporate and individual performance or at the discretion of the USAA Board of Directors.

*Geographical Differential: Geographic pay differential is additional pay provided to eligible employees working in locations where market pay levels are above the national average. 

Shift premium: will be addressed on an individual-basis for applicable roles that are consistently scheduled for non-core hours.  


 At USAA our employees enjoy best-in-class benefits to support their physical, financial, and emotional wellness.  These benefits include comprehensive medical, dental and vision plans, 401(k), pension, life insurance, parental benefits, adoption assistance, paid time off program with paid holidays plus 16 paid volunteer hours, and various wellness programs.  Additionally, our career path planning and continuing education assists employees with their professional goals.

Please click on the link below for more details.

USAA Total Rewards

Relocation assistance is Not Available for this position.