Depending on threat model, making something like Manjaro "extremely secure" might be more trouble then it's worth. A lot of the hardening comes from the kernel and having the right dot files / configs in place to make best use of those features. Even if Manjaro offers hardened kernel in their repos, I'd imagine the OS might have to be tweaked a bit to take full advantage of it? And depending on how motivated the glow-in-the-darks are, hardware can also be a consideration. Many of the pros try and exploit the hardware as well as the software. Some red teams having designated driver experts writing custom exploits in assembly on a case by case basis.
These anons gave good advice>>426>Qubes OS, Whonix, Tails, or some combination thereof.>>561>Basic security programs…
There's also Kodachi live boot OS. I can't vouch for it since I haven't taken an in depth look at it, but it's a thing and thought it might be worth a mention ITT. Also, Parrot OS is an interesting project.
As an aside, one can even pick up some knowledge by looking at how Debian, and even Ubuntu, configure their distros. INB4 UBUNTU REEEEE! I know Ubuntu default desktop leaks meta-data and their implementation of systemd is bloated and would require a thread unto itself. I'm only referring to the fact that Debian and Ubuntu are commonly deployed as servers and have some sensible defaults in that regard that might be useful for some to look into.
Also, building upon a basic Alpine install is another interesting option. Potential to have something with a very small attack surface and somewhat of a security by obscurity factor compared to other distros.