Job Overview: This Cybersecurity Engineer Senior – Threat Engineer focuses on proactively identifying, investigating and neutralizing sophisticated cyber threats that evade traditional defenses. Responsible for threat research, threat hunting, digital forensics, malware analysis, full-cycle incident response, and leading purple team exercises to collaboratively test, validate and enhance detection/response capabilities. The position plays a critical role in minimizing adversary dwell time, closing detection gaps, and strengthening organizational resilience against advanced persistent threats (APTs), ransomware, nation-state actors, and emerging attack techniques.

Compensation Range- $145,000-$155,000

The role functions as part of the Cybersecurity Operations team and collaborates cross-functionally with Threat Intelligence, Threat Emulation, GRC, Cybersecurity Architecture and Engineering teams to secure and defend against existing and emerging threats to the organization. The role is expected to independently lead engagements from conception to completion, communicate technical details to partners and senior leadership, mentor junior staff, and provide technical direction to the program

Job Responsibilities:

Incident Response & Containment

• Serve as lead or escalation responder for high-severity incidents, including ransomware, data breaches, APT intrusions, and insider threats
• Lead scoping, containment, eradication, and recovery efforts in coordination with cross-functional teams
• Reconstruct attack timelines, correlate events across sources, and produce detailed root cause analyses and executive reports

Advanced Threat Research

• Partner with Threat Intelligence to conduct in-depth research on emerging threats, attack vectors, threat actor TTPs, and indicators of compromise
• Identify emerging and persistent threats to the organization's networks, systems, and applications
• Map adversary behaviors to frameworks such as MITRE ATT&CK, D3FEND, and Cyber Kill Chain

Proactive Threat Hunting

• Lead and execute threat hunting campaigns across endpoints, networks, cloud environments, identity systems, and logs to uncover hidden threats and signs of compromise
• Analyze large-scale telemetry (EDR, SIEM, UEBA, system logs) for behavioral anomalies, persistence mechanisms, and lateral movement
• Identify detection gaps and collaborate with Detection Engineering team on creating or tuning new detection rules, signatures, and analytics
• Lead coordinated efforts across Cyber teams to ensure the effective delivery and tracking of intelligence-driven evaluations and responses to threats
• Create and maintain Threat Library that can be used to executive and tactical reporting as well as track organizational action items

Digital Forensics & Malware Analysis

• Perform host-based, memory, and network forensic investigations on suspected compromised systems
• Conduct reverse engineering and static/dynamic analysis of malware, scripts, exploits, and tools used by adversaries
• Preserve and analyze forensic artifacts while maintaining chain of custody

Purple Teaming & Improvement

• Lead purple team exercises, facilitating collaboration between offensive (red) and defensive (blue) teams to simulate real-world adversary TTPs, validate detection effectiveness, identify gaps in monitoring/response, and drive iterative improvements to security controls and processes
• Design, scope, and execute purple team engagements, including adversary emulation, attack path validation, and real-time feedback loops to enhance threat detection, hunting, and incident response playbooks

Collaboration & Knowledge Sharing

• Mentor and develop SOC team on hunt methodology, adversary TTP analysis, detection tuning and other advanced techniques
• Partner with Threat Intelligence, Threat Emulation, GRC, Cybersecurity Architecture and Engineering teams
• Stay current with industry trends through conferences, research, and certifications

Additional Responsibilities

• Operate and mature process related to the threat hunting program across SOC teams and related security vendors/services
• Develop a threat assessment/modeling framework documenting threats to aid in driving resiliency initiatives that require broader non-SOC business partner buy-in
• Security tooling assessments
• Monitor, evaluate and manage any third-party hunt activities and provide recommendations
• Maintain a shared library of threat research integrated with threat intelligence and detection libraries
• Perform deep-dive analysis on specific threats (e.g., tracking a ransomware group’s evolution)
• Correlate internal telemetry (SIEM, logs, EDR data) with external threat intelligence
• Apply intelligence to create use cases and detection rules through collaboration across teams
• Run tabletop exercises or simulations based on current threat actor behavior
• Update the threat hunt program’s roadmap and tooling
• Participate in intelligence-sharing collaborations (e.g., with ISACs, government, or vendors)
• Develop and maintain security tools, scripts, frameworks, and automation to scale hunt and IR
• Create and update security documentation, policies and threat models as needed
• Compile and analyze data for management reporting and metrics as directed
• Performs other duties as assigned

Job Requirements:

Education/ Certifications:

• BA/BS in Computer or Cybersecurity domain
• At least one industry-leading or senior level cybersecurity certification. Examples: ISC2 Certified Information Systems Security Professional (CISSP), GIAC Cyber Threat Intelligence (GCTI), EC-Council’s Certified Threat Intelligence Analyst (CTIA), CREST Practitioner Threat Intelligence Analyst (CPTIA), MITRE MAD ATT&CK Cyber Threat Intelligence Certification

Experience:

• 8+ years of hands-on cybersecurity experience within on-prem and Cloud environments
• 5+ years of experience as a Threat Management and Operations analyst focused on threat hunt, intelligence, monitoring, and incident response
• Experience in threat research, vulnerability research, malware analysis and exploit investigation
• Experience testing and managing detection rules in SIEMs
• Experience with EDR, NDR and CDR solutions with a focus on policy/rule management
• Strong understanding of MITRE ATT&CK, Cyber Kill Chain, Pyramid of Pain, Threat Hunting Frameworks
• Solid understanding of networking (WAN, LAN, wLAN), network domains (Internet, Intranet, DMZ), communication techniques/protocols (IP and others), and their combined effects on network and host systems security
• Strong Understanding of Windows, Linux/Unix platforms
• Comfortable handling multiple deliverables and able to manage priorities in a time-sensitive environment.
• Strong written and verbal technical and non-technical communication skills. Assures smooth flowing, timely transmission of critical information. Oral and written communication is well organized, clear, accurate, grammatically correct, and is adapted for the target audience, including C-Suite
• Collaborative, embraces diverse people, thinking and styles

Preferred Experience

• Security Engineering experience with SIEM, EDR, Web Proxy, Email Security (ETP), and security testing platforms and frameworks
• Preferred key industry certifications such as CEH, Security+, CISSP, CISA, CISM, GCIH, etc.
• Familiarity with YARA, OpenIOC, Sigma, and STIX frameworks.
• Strong Understanding of Cloud Infrastructure and Cloud Security.
• Adversary emulation tools, Python scripting, malware analysis
• Strong understanding of software development tools and methodologies

Knowledge/Skills/ Abilities

• Highly technical and detailed investigative skills, along with a genuine passion for cybersecurity, are essential for this role.
• Ability to multitask and prioritize work effectively
• Highly motivated self-starter
• Strong sense of ownership and driven to manage tasks to completion
• Complex critical thinking and security analysis skills
• Advanced written and verbal communication skills for a wide array of audiences
• Ability to communicate technical risk details into easy-to-understand language
• Knowledge of threat research and adversary tactics and techniques frameworks, such as MITRE ATT&CK matrices, Cyber Kill Chain, STRIDE, or PASTA
• Ability to write succinct briefings, presentations, and reports to convey analysis, threat trends, threat actor profiles, indicator bulletins, vulnerability details and defensive strategies to varied audiences
• Knowledge of current and emerging cyber adversaries and their techniques, tactics, and procedures (TTPs)
• Good judgment is required for this position as there may be times when direct supervision may not be immediately available.

Work Environment:

Remote Role:

• This position is classified as remote where the associate will perform remote work from their primary residence. Remote associates are welcome to work from the office but are not required to do so. While remote associates are not required to work from an office on a regular basis, they may be required to come to the office or other UNFI locations for necessary business reasons or if directed to do so by their manager.

Travel (minor):
This position may require the associate to travel to company offices, distribution centers, or other locations for specific meetings or other business reasons.

Physical Environment/Demands:

Office Roles:

• Most work is performed in a temperature-controlled office environment.
• Incumbent may sit for long periods of time at a desk or computer terminal.
• While performing the duties of this job, the employee is regularly required to sit; use hands to finger, handle, or feel; reach with hands and arms; and talk or hear.
• Incumbent may use calculators, keyboards, telephones, and other office equipment in the course of a normal workday.
• Stooping, bending, twisting, and reaching may be required in the completion of job duties.

The above statements are intended to describe the general nature of the work performed by the employees assigned to this job. All employees must comply with Company policy and applicable laws. The responsibilities, duties and skills required of personnel so classified may vary within each department and/or location.