
Engineer III, Cyber Threat Hunter
Posted 3 hours ago

This is a fully remote position, open to applicants in the United States.
• Conduct hypothesis-driven threat hunts across AWS, identity, endpoint, and network telemetry, documenting findings and suggesting control or detection enhancements.
• Create, refine, and sustain SIEM detections targeting high-risk behaviors such as IAM misuse, persistence, privilege escalation, and data access or exfiltration.
• Mitigate alert noise through structured tuning, baselining, and enrichment while maintaining significant coverage.
• Align detections and hunts with MITRE ATT&CK techniques to pinpoint and address visibility gaps.
• Assist in the investigation and containment of security incidents, performing log analysis, assessing impact, and recording findings.
• Contribute to the formulation and enhancement of incident response playbooks for prevalent cloud and identity-based scenarios.
• Generate concise after-action reports identifying root causes, control deficiencies, and prioritized remediation steps.
• Engage in periodic tabletop or fire drill exercises to assess readiness and enhance response coordination.
• Take part in purple team exercises to validate detection efficacy and aid in prioritizing remediation of identified vulnerabilities.
• Collaborate with offensive testing and engineering teams to translate findings into improved detections and fortified configurations.
• Identify avenues to enhance logging, telemetry coverage, and control effectiveness across both cloud and enterprise systems.
• Develop lightweight automation and scripts to expedite investigation processes, enrichment, and reporting consistency.
• Maintain comprehensive documentation of detection logic, hunt results, and response procedures to enhance repeatability and team scalability.
• Share threat insights and lessons learned with the wider security and engineering community through briefings or written updates.
• 3 to 5 years of progressive experience in cyber defense, encompassing threat hunting, detection engineering, and incident response within enterprise environments.
• Strong cloud security expertise in AWS-centric environments, including the creation of detections and investigations utilizing cloud-native telemetry (such as CloudTrail, IAM, VPC Flow Logs, CloudWatch logs, and compute or container logs).
• Practical experience in developing, tuning, and maintaining SIEM detections and analytics, including crafting high-quality queries, building dashboards, and enhancing signal-to-noise ratios.
• Experience with Sumo Logic is highly preferred.
• Capacity to lead threat hunts from start to finish, including hypothesis development, data gathering, analysis, documentation of findings, and recommendations based on attacker TTPs and frameworks like MITRE ATT&CK.
• Familiarity supporting high-severity incident responses, encompassing triage, scoping, containment guidance, and in-depth analysis, with the ability to serve as an escalation point for complex investigations.
• Solid understanding of investigative and forensic methods, including log forensics, timeline analysis, evidence handling, and documentation to support enterprise incident investigations and E-Discovery requirements as necessary.
• Experience planning or engaging in purple team and detection validation activities to assess control effectiveness and enhance alerting and response outcomes.
• Ability to operationalize and optimize security tools by integrating log sources, enhancing visibility, and aligning detection coverage with current threats and business risks.
• Strong automation and scripting capabilities (for instance, Python, PowerShell, Bash) to streamline investigations, enrich alerts, and improve consistency across hunting and response workflows.
• Exceptional written and verbal communication skills, including the production of after-action reports, threat briefings, and clear, actionable remediation guidance for both technical and non-technical stakeholders.
• A collaborative mindset, with experience working across engineering, architecture, and development teams and mentoring junior analysts or engineers to elevate team capability.
• Annual bonuses and opportunities for merit-based raises and promotions
• A mission-driven workplace where your impact matters
• A team that invests in your development and success