Execute hypothesis-driven threat hunts across AWS, identity, endpoint, and network telemetry, documenting findings and recommended control or detection improvements.
Build, tune, and maintain SIEM detections focused on high-risk behaviors such as IAM misuse, persistence, privilege escalation, and data access or exfiltration.
Reduce alert noise through structured tuning, baselining, and enrichment while preserving meaningful coverage.
Map detections and hunts to MITRE ATT&CK techniques to identify and close visibility gaps.
Support investigation and containment of security incidents, performing log analysis, scoping impact, and documenting findings.
Contribute to the development and refinement of incident response playbooks for common cloud and identity-based scenarios.
Produce clear after-action reports that identify root cause, control gaps, and prioritized remediation steps.
Participate in periodic tabletop or fire drill exercises to validate readiness and improve response coordination.
Participate in purple team exercises to validate detection effectiveness and help prioritize remediation of identified gaps.
Partner with offensive testing and engineering teams to translate findings into improved detections and hardened configurations.
Identify opportunities to strengthen logging, telemetry coverage, and control effectiveness across cloud and enterprise systems.
Develop lightweight automation and scripts to improve investigation speed, enrichment, and reporting consistency.
Maintain well-documented detection logic, hunt results, and response procedures to improve repeatability and team scalability.
Share threat insights and lessons learned with the broader security and engineering community through briefings or written updates.
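As an added illustration of the detection work the responsibilities above describe (this is not text or code from the posting or the employer): a small Python pass that runs three CloudTrail detections over constructed records, suppresses a known automation principal through an allowlist to cut noise, and reports which required ATT&CK techniques have no rule. The account ID, ARNs, IP addresses, timestamps and the allowlisted deploy role are all assumptions made for the example.

```python
"""Added example: minimal CloudTrail detection pass with ATT&CK mapping.

All events below are constructed (made-up account 111111111111, ARNs,
IPs and times); field names follow the real CloudTrail record schema.
"""
import json
from typing import Callable, Dict, Iterable, List, Set, Tuple

SAMPLE_EVENTS = [json.loads(line) for line in """
{"eventTime":"2024-05-01T10:00:00Z","eventSource":"iam.amazonaws.com","eventName":"AttachUserPolicy","userIdentity":{"type":"IAMUser","userName":"alice","arn":"arn:aws:iam::111111111111:user/alice"},"sourceIPAddress":"198.51.100.7","requestParameters":{"userName":"alice","policyArn":"arn:aws:iam::aws:policy/AdministratorAccess"}}
{"eventTime":"2024-05-01T10:05:00Z","eventSource":"iam.amazonaws.com","eventName":"AttachRolePolicy","userIdentity":{"type":"AssumedRole","arn":"arn:aws:sts::111111111111:assumed-role/TerraformDeploy/ci"},"sourceIPAddress":"203.0.113.9","requestParameters":{"roleName":"app-admin","policyArn":"arn:aws:iam::aws:policy/AdministratorAccess"}}
{"eventTime":"2024-05-01T10:10:00Z","eventSource":"iam.amazonaws.com","eventName":"CreateAccessKey","userIdentity":{"type":"IAMUser","userName":"bob","arn":"arn:aws:iam::111111111111:user/bob"},"sourceIPAddress":"198.51.100.8","requestParameters":{"userName":"svc-backup"}}
{"eventTime":"2024-05-01T10:11:00Z","eventSource":"iam.amazonaws.com","eventName":"CreateAccessKey","userIdentity":{"type":"IAMUser","userName":"bob","arn":"arn:aws:iam::111111111111:user/bob"},"sourceIPAddress":"198.51.100.8","requestParameters":{"userName":"bob"}}
{"eventTime":"2024-05-01T10:20:00Z","eventSource":"cloudtrail.amazonaws.com","eventName":"StopLogging","userIdentity":{"type":"IAMUser","userName":"alice","arn":"arn:aws:iam::111111111111:user/alice"},"sourceIPAddress":"198.51.100.7","requestParameters":{"name":"org-trail"}}
{"eventTime":"2024-05-01T10:30:00Z","eventSource":"ec2.amazonaws.com","eventName":"DescribeInstances","userIdentity":{"type":"IAMUser","userName":"charlie","arn":"arn:aws:iam::111111111111:user/charlie"},"sourceIPAddress":"198.51.100.9","requestParameters":null}
""".strip().splitlines()]

Event = dict
Rule = Tuple[str, str, Callable[[Event], bool]]  # (name, ATT&CK technique, predicate)


def _params(e: Event) -> dict:
    # requestParameters is null for some read-only calls; normalise to {}.
    return e.get("requestParameters") or {}


def _is_admin_policy_attach(e: Event) -> bool:
    # Privilege escalation: attaching the managed AdministratorAccess policy.
    return (e["eventSource"] == "iam.amazonaws.com"
            and e["eventName"] in {"AttachUserPolicy", "AttachRolePolicy", "AttachGroupPolicy"}
            and _params(e).get("policyArn", "").endswith("policy/AdministratorAccess"))


def _is_key_for_other_user(e: Event) -> bool:
    # Persistence: a principal minting long-lived keys for a different user.
    # CreateAccessKey with no userName parameter acts on the caller itself.
    if e["eventSource"] != "iam.amazonaws.com" or e["eventName"] != "CreateAccessKey":
        return False
    actor = e["userIdentity"].get("userName")
    target = _params(e).get("userName", actor)
    return target != actor


def _is_trail_tampering(e: Event) -> bool:
    # Defense evasion: stopping or reshaping the audit trail itself.
    return (e["eventSource"] == "cloudtrail.amazonaws.com"
            and e["eventName"] in {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"})


RULES: List[Rule] = [
    ("iam_admin_policy_attached", "T1098", _is_admin_policy_attach),
    ("iam_access_key_for_other_user", "T1098.001", _is_key_for_other_user),
    ("cloudtrail_tampering", "T1562.008", _is_trail_tampering),
]

# Tuning: principals known to perform a given sensitive action legitimately.
# The deploy role below is an assumed example of CI automation.
ALLOWLIST: Dict[str, Set[str]] = {
    "iam_admin_policy_attached": {"arn:aws:sts::111111111111:assumed-role/TerraformDeploy/ci"},
}


def run_detections(events: Iterable[Event], rules: List[Rule] = RULES,
                   allowlist: Dict[str, Set[str]] = ALLOWLIST) -> List[dict]:
    """Apply every rule to every event; return enriched alerts, allowlisted hits dropped."""
    alerts = []
    for e in events:
        principal = e["userIdentity"]["arn"]
        for name, technique, predicate in rules:
            if not predicate(e):
                continue
            if principal in allowlist.get(name, set()):
                continue  # known automation for this rule: suppressed, not lost
            alerts.append({"rule": name, "technique": technique, "principal": principal,
                           "event": e["eventName"], "time": e["eventTime"],
                           "source_ip": e["sourceIPAddress"]})
    return alerts


def coverage_gaps(rules: List[Rule], required: Iterable[str]) -> List[str]:
    """ATT&CK technique IDs in `required` that no rule claims (exact ID match)."""
    covered = {technique for _, technique, _ in rules}
    return sorted(set(required) - covered)


if __name__ == "__main__":
    print(json.dumps(run_detections(SAMPLE_EVENTS), indent=2))
    print("uncovered:", coverage_gaps(RULES, ["T1098", "T1562.008", "T1530"]))
```

Of the six constructed events, three alert (alice attaching AdministratorAccess, bob creating a key for svc-backup, alice stopping the trail); the CI role's policy attach is suppressed by the allowlist, bob's key for himself and the DescribeInstances call match nothing, and the gap report shows T1530 (data from cloud storage) has no rule yet. In a real SIEM the allowlist belongs in a lookup table rather than code, and each suppression should still be counted so tuning never silently hides coverage.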
Requirements
3 to 5 years of progressive experience in cyber defense, including threat hunting, detection engineering, and incident response in enterprise environments.
Strong cloud security experience in AWS-heavy environments, including building detections and investigations using cloud-native telemetry (for example CloudTrail, IAM activity, VPC Flow Logs, CloudWatch Logs, and compute or container logs).
Hands-on experience developing, tuning, and maintaining SIEM detections and analytics, including writing high-quality queries, building dashboards, and improving signal-to-noise.
Experience with Sumo Logic is strongly preferred.
Ability to lead threat hunts end-to-end, including hypothesis creation, data collection, analysis, documentation of findings, and recommendations grounded in attacker TTPs and frameworks such as MITRE ATT&CK.
Experience supporting high-severity incident response, including triage, scoping, containment guidance, and deeper analysis, with comfort serving as an escalation point for complex investigations.
Practical knowledge of investigative and forensic methods, including log forensics, timeline analysis, evidence handling, and documentation, to support enterprise incident investigations and E-Discovery needs as required.
Experience planning or participating in purple team and detection validation activities to evaluate control effectiveness and improve alerting and response outcomes.
Ability to operationalize and optimize security tooling by integrating log sources, improving visibility, and aligning detection coverage to current threats and business risk.
Strong automation and scripting skills (for example Python, PowerShell, Bash) to streamline investigations, enrich alerts, and improve repeatability across hunting and response workflows.
Excellent written and verbal communication skills, including producing after-action reports, threat briefings, and clear, actionable remediation guidance for technical and non-technical stakeholders.
A collaborative mindset with experience partnering across engineering, architecture, and development teams, and mentoring junior analysts or engineers to raise team capability.
Tech Stack
AWS
Cloud
Python
Benefits
Annual bonuses and opportunities for merit-based raises and promotions
A mission-driven workplace where your impact matters
A team that invests in your development and success