This Cybersecurity Engineer Senior – Threat Management & Research focuses on proactively identifying, investigating and neutralizing sophisticated cyber threats that evade traditional defenses. Responsible for threat research, threat hunting, digital forensics, malware analysis, full-cycle incident response, and leading purple team exercises to collaboratively test, validate and enhance detection/response capabilities. The position plays a critical role in minimizing adversary dwell time, closing detection gaps, and strengthening organizational resilience against advanced persistent threats (APTs), ransomware, nation-state actors, and emerging attack techniques.
The role functions as part of the Cybersecurity Operations team and collaborates cross-functionally with Threat Intelligence, Threat Emulation, GRC, Cybersecurity Architecture and Engineering teams to secure and defend against existing and emerging threats to the organization. The role is expected to independently lead engagements from conception to completion, communicate technical details to partners and senior leadership, mentor junior staff, and provide technical direction to the program.

Incident Response & Containment

• Serve as lead or escalation responder for high-severity incidents, including ransomware, data breaches, APT intrusions, and insider threats
• Lead scoping, containment, eradication, and recovery efforts in coordination with cross-functional teams
• Reconstruct attack timelines, correlate events across sources, and produce detailed root cause analyses and executive reports

Advanced Threat Research

• Partner with Threat Intelligence to conduct in-depth research on emerging threats, attack vectors, threat actor TTPs, and indicators of compromise
• Identify emerging and persistent threats to the organization's networks, systems, and applications
• Map adversary behaviors to frameworks such as MITRE ATT&CK, D3FEND, and Cyber Kill Chain

Proactive Threat Hunting

• Lead and execute threat hunting campaigns across endpoints, networks, cloud environments, identity systems, and logs to uncover hidden threats and signs of compromise
• Analyze large-scale telemetry (EDR, SIEM, UEBA, system logs) for behavioral anomalies, persistence mechanisms, and lateral movement
• Identify detection gaps and collaborate with Detection Engineering team on creating or tuning new detection rules, signatures, and analytics
• Lead coordinated efforts across Cyber teams to ensure the effective delivery and tracking of intelligence-driven evaluations and responses to threats
• Create and maintain Threat Library that can be used to executive and tactical reporting as well as track organizational action items

Digital Forensics & Malware Analysis

• Perform host-based, memory, and network forensic investigations on suspected compromised systems
• Conduct reverse engineering and static/dynamic analysis of malware, scripts, exploits, and tools used by adversaries
• Preserve and analyze forensic artifacts while maintaining chain of custody

Purple Teaming & Improvement

• Lead purple team exercises, facilitating collaboration between offensive (red) and defensive (blue) teams to simulate real-world adversary TTPs, validate detection effectiveness, identify gaps in monitoring/response, and drive iterative improvements to security controls and processes
• Design, scope, and execute purple team engagements, including adversary emulation, attack path validation, and real-time feedback loops to enhance threat detection, hunting, and incident response playbooks

Collaboration & Knowledge Sharing

• Mentor and develop SOC team on hunt methodology, adversary TTP analysis, detection tuning and other advanced techniques
• Partner with Threat Intelligence, Threat Emulation, GRC, Cybersecurity Architecture and Engineering teams
• Stay current with industry trends through conferences, research, and certifications

Additional Responsibilities

• Operate and mature process related to the threat hunting program across SOC teams and related security vendors/services
• Develop a threat assessment/modeling framework documenting threats to aid in driving resiliency initiatives that require broader non-SOC business partner buy-in
• Security tooling assessments
• Monitor, evaluate and manage any third-party hunt activities and provide recommendations
• Maintain a shared library of threat research integrated with threat intelligence and detection libraries
• Perform deep-dive analysis on specific threats (e.g., tracking a ransomware group’s evolution)
• Correlate internal telemetry (SIEM, logs, EDR data) with external threat intelligence
• Apply intelligence to create use cases and detection rules through collaboration across teams
• Run tabletop exercises or simulations based on current threat actor behavior
• Update the threat hunt program’s roadmap and tooling
• Participate in intelligence-sharing collaborations (e.g., with ISACs, government, or vendors)
• Develop and maintain security tools, scripts, frameworks, and automation to scale hunt and IR
• Create and update security documentation, policies and threat models as needed
• Compile and analyze data for management reporting and metrics as directed
• Performs other duties as assigned

Education / Certifications:

• BA/BS in Computer or Cybersecurity domain
• At least one industry-leading or senior level cybersecurity certification. Examples:
  CISSP, GCTI, CTIA, CPTIA, MITRE MAD ATT&CK

Experience:

• 8+ years of hands-on cybersecurity experience within on-prem and Cloud environments
• 5+ years of experience as a Threat Management and Operations analyst focused on threat hunt, intelligence, monitoring, and incident response
• Experience in threat research, vulnerability research, malware analysis and exploit investigation
• Experience testing and managing detection rules in SIEMs
• Experience with EDR, NDR and CDR solutions with a focus on policy/rule management
• Strong understanding of MITRE ATT&CK, Cyber Kill Chain, Pyramid of Pain, Threat Hunting Frameworks
• Solid understanding of networking (WAN, LAN, wLAN), network domains (Internet, Intranet, DMZ), communication techniques/protocols (IP and others), and their combined effects on network and host systems security
• Strong Understanding of Windows, Linux/Unix platforms
• Comfortable handling multiple deliverables and able to manage priorities in a time-sensitive environment
• Strong written and verbal technical and non-technical communication skills
• Collaborative, embraces diverse people, thinking and styles
• Security Engineering experience with SIEM (Google Chronicle/Security Operations), EDR (CrowdStrike), zScaler Proxy, ProofPoint Email Security, and security testing platforms and frameworks
• Preferred certifications: CEH, Security+, CISSP, CISA, CISM, GCIH, etc.
• Familiarity with YARA, OpenIOC, Sigma, and STIX frameworks
• Strong understanding of Cloud Infrastructure and Cloud Security
• Adversary emulation tools, Python scripting, malware analysis
• Strong understanding of software development tools and methodologies

Knowledge / Skills / Abilities:

• Highly technical and detailed investigative skills
• Ability to multitask and prioritize work effectively
• Highly motivated self-starter
• Strong sense of ownership and driven to manage tasks to completion
• Complex critical thinking and security analysis skills
• Advanced written and verbal communication skills
• Ability to communicate technical risk details in easy-to-understand language
• Knowledge of threat research and adversary TTP frameworks (MITRE ATT&CK, Cyber Kill Chain, STRIDE, PASTA)
• Ability to write succinct briefings, presentations, and reports
• Knowledge of current and emerging cyber adversaries and their TTPs
• Good judgment required when direct supervision is not available

Remote Role:

• This position is classified as remote where the associate will perform remote work from their primary residence.
• Remote associates may be required to come to the office or other locations for business reasons.

Travel (minor):

• May require travel to offices, distribution centers, or other locations.

Office Roles:

• Most work in a temperature-controlled office environment
• Incumbent may sit for long periods
• Regularly required to sit, use hands, reach, talk or hear
• May use calculators, keyboards, telephones, and other office equipment
• Stooping, bending, twisting, and reaching may be required