About The Position

Serve as a technical lead within the FIS Cyber Threat Hunting (CTH) program, driving proactive, hypothesis-based threat hunts across endpoint, network, identity, and cloud telemetry to uncover stealthy adversary activity, leading to reductions in attack dwell time in the FIS environment. Execute complex investigations using enterprise-level EDR and SIEM platforms, correlate multi-source evidence, and rapidly scope, contain, and support remediation for incidents including malware, credential compromise, and unauthorized access, while clearly documenting hunt outcomes and investigative conclusions. Translate threat intelligence and adversary TTPs into high-fidelity behavioral analytics mapped to frameworks such as MITRE ATT&CK. Partner with the Security Operations Center, Penetration Testing Teams, and Detection Engineering stakeholders to operationalize successful hunts into durable detections and improved response playbooks. Automate and scale hunting and investigative workflows through scripting languages (PowerShell/BASH), enrichment, and data analysis to improve speed, consistency, and signal quality. Lead threat hunting efforts in newly acquired or integrating M&A environments, where you will be required to rapidly assess unfamiliar architectures, establish baselines, and identify inherited risk and latent compromise. Hunt for pre- and post-acquisition adversary activity while informing integration and risk-reduction strategies.

Requirements

  • Bachelor’s degree or foreign equivalent in Computer Science, Cyber Security, Digital Forensics, or related field and seven (7) years of progressively responsible experience in the job offered or a related occupation.
  • Investigating endpoint-based security threats using enterprise Endpoint Detection and Response (EDR) solutions, including analysis of behavioral detections, process execution trees, command-line activity, and persistence mechanisms to identify and contain malicious activity.
  • Developing, tuning, and investigating security detections using SIEM platforms in an enterprise environment, including analysis of authentication logs, endpoint telemetry, network events, and cloud audit logs.
  • Supporting cybersecurity incident response activities, including triage, scoping, containment, and remediation of incidents including malware infections, credential compromise, and unauthorized access.
  • Utilizing scripting languages including Python, PowerShell, and Bash to automate security workflows, analyze security data, enrich security alerts, or support incident investigations.
  • Consuming and applying threat intelligence, including indicators of compromise (IOCs), adversary tactics and techniques, and opensource intelligence, to enhance security detections and investigations.
  • Alternatively, a Master’s degree in the above listed fields and five (5) years of experience in the above listed skills.

Responsibilities

  • Serve as a technical lead within the FIS Cyber Threat Hunting (CTH) program.
  • Drive proactive, hypothesis-based threat hunts across endpoint, network, identity, and cloud telemetry.
  • Uncover stealthy adversary activity leading to reductions in attack dwell time.
  • Execute complex investigations using enterprise-level EDR and SIEM platforms.
  • Correlate multi-source evidence and rapidly scope, contain, and support remediation for incidents.
  • Document hunt outcomes and investigative conclusions.
  • Translate threat intelligence and adversary TTPs into high-fidelity behavioral analytics mapped to frameworks such as MITRE ATT&CK.
  • Partner with the Security Operations Center, Penetration Testing Teams, and Detection Engineering stakeholders to operationalize successful hunts into durable detections and improved response playbooks.
  • Automate and scale hunting and investigative workflows through scripting languages (PowerShell/BASH), enrichment, and data analysis.
  • Lead threat hunting efforts in newly acquired or integrating M&A environments.
  • Rapidly assess unfamiliar architectures, establish baselines, and identify inherited risk and latent compromise.
  • Hunt for pre- and post-acquisition adversary activity while informing integration and risk-reduction strategies.
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service