Ross Stores, Inc. is a leading off-price retail chain with a commitment to excellence and growth. They are seeking a Security Engineer II responsible for proactive threat hunting and cyber threat intelligence analysis to identify and mitigate emerging threats, thereby strengthening the organization's security posture.
Responsibilities:
- Proactively hunt for advanced persistent threats (APTs), malware, and other malicious activities across networks, systems, and applications. Identify hidden threats that evade traditional security measures
- Synthesize large volumes of data from multiple sources to develop clear, actionable intelligence. Create detailed threat intelligence reports for technical teams and senior leadership
- Create, optimize, and automate detection rules and enrichment logic using scripting languages like Python and SQL
- Respond to escalation requests from the Helpdesk, NOC, junior analysts, or other IT representatives
- Contribute to monthly Cyber Defense dashboard with relevant performance indicators and security threat assessments
- Develop and implement automated workflows and playbooks to streamline threat detection, analysis, and response processes, ensuring quick and effective mitigation of identified threats
- Map adversary behaviors using the MITRE ATT&CK framework to understand attack vectors and predict potential threats
- 24x7 on-call duties apply on a rotation and escalation basis
Requirements:
- A minimum of 8 years of experience in cybersecurity, with at least 5 years focused on threat intelligence analysis and cyber threat hunting
- Proven experience leading or mentoring CTI analysts
- Strong expertise in threat intelligence platforms (TIPs), SIEM tools, and endpoint detection technologies
- Proficiency in collecting, analyzing, and disseminating threat intelligence from OSINT, internal sources, and commercial threat feeds
- Hands-on experience with automated workflows, playbook development, and advanced threat hunting techniques
- Deep understanding of attack methodologies, APTs, malware, ransomware, and other cyber threats
- Familiarity with the MITRE ATT&CK framework and indicators of compromise (IoCs)
- Ability to synthesize complex data and produce actionable, clear intelligence for both technical and non-technical audiences
- Strong communication skills for reporting and briefing leadership on emerging threats
- Security certifications such as CISSP, GCTI, or equivalent are highly preferred
- Experience working in large enterprise environments with complex infrastructures and multiple overlapping tools
- Excellent reporting and communication skills with the ability to present technical findings to varied audiences
- Proficiency in scripting languages such as Python and SQL for data analysis and automation
- Knowledge of STIX/TAXII protocols for automated sharing and ingestion of structured threat intelligence data across systems
- Strong understanding of dark web marketplaces, threat actor infrastructures, ransomware groups, and emerging cybercriminal tactics, techniques, and procedures (TTPs)