Cyber Threat Detection Specialist

King & Spalding, Atlanta, GA

About The Position

King & Spalding is a leading global law firm with a commitment to excellence, innovation, and the seamless delivery of legal services. We harness innovative technology and exceptional talent to meet the complex needs of our clients in a fast-paced and dynamic legal landscape. The Cyber Threat Response Specialist is responsible for proactively identifying, investigating, and responding to advanced cyber threats targeting the organization. This role combines hands-on threat hunting, incident response, and intelligence-driven detection engineering, and requires experience with impersonation-based attacks against digital objects such as phone numbers, domains, and social media accounts.

Requirements

  • Proven & demonstrated experience in cyber threat hunting and incident response within enterprise environments.
  • Direct experience in responding to Microsoft Security incidents and alerts.
  • Strong background investigating email-based attacks.
  • Demonstrated experience using sandbox or DFIR lab environments for malware and artifact analysis.
  • Solid understanding of attacker tradecraft, threat actor behaviors, and modern attack techniques.
  • Ability to document and communicate complex technical findings clearly and concisely.
  • Experience developing or improving detection logic based on threat intelligence.
  • Familiarity with identity-centric attacks and cloud-based attack surfaces.
  • Knowledge of MITRE ATT&CK and its application to investigations and reporting.
  • Prior experience working in a SOC, CSIRT, or dedicated threat response team.
  • Minimum 5 years’ experience performing all required qualifications.
  • Analytical thinking and investigative rigor.
  • Strong written and verbal communication skills.
  • Ability to operate effectively during high-pressure incident response scenarios.
  • Attention to detail with a strong sense of operational urgency.
  • Collaboration across technical and non-technical teams.
  • Flexibility and prioritization skills to establish and meet business needs in an organized and timely manner.

Responsibilities

Threat Hunting & Detection

  • Proactively hunt for threat actors using telemetry, threat intelligence, and behavioral indicators across enterprise environments.
  • Leverage internal and external threat intelligence to develop, refine, and prioritize detection strategies.
  • Identify and respond to impersonation and brand abuse attacks targeting digital objects, including:
      • Domains and subdomains
      • Email identities and infrastructure
      • Phone numbers and SMS channels
      • Social media accounts and online platforms
  • Translate intelligence insights into actionable detections, alerts, and investigative hypotheses.

Incident Response

  • Lead and support investigations into cybersecurity incidents, including email attacks, account compromise, malware, phishing, spoofing, and other types of cyber-attacks.
  • Respond to security incidents within Microsoft Security tooling (e.g., Microsoft Defender, Microsoft Sentinel, Microsoft 365 security incidents).
  • Perform root cause analysis, define scope, execute containment, plan eradication, and complete recovery activities.
  • Collaborate with SOC, IT, Legal, and other stakeholders during active incidents.
  • Analyze message headers, sender infrastructure, authentication failures (SPF, DKIM, DMARC), and attacker tradecraft.

DFIR & Malware Analysis

  • Conduct dynamic and static analysis of suspicious files and links using sandbox environments and DFIR labs.
  • Analyze malware behavior, persistence mechanisms, command-and-control patterns, and indicators of compromise (IOCs).
  • Apply DFIR methodologies to endpoint, identity, and cloud-based investigations.

Documentation & Reporting

  • Produce clear, accurate, and well-structured investigation reports documenting:
      • Incident timelines and findings
      • Adversary tactics, techniques, and procedures (TTPs)
      • Impact assessment and risk implications
      • Recommended remediation and prevention strategies
  • Tailor reporting and communication for multiple audiences, including security teams, leadership, and non-technical stakeholders.

Benefits

  • The firm offers a generous total compensation package with bonuses and raises awarded in recognition of individual merit-based performance.
  • All full-time Business Services employees may participate in King & Spalding’s comprehensive benefit program including health and wellness plan, life and disability insurance, flexible spending accounts and a health savings account, a 401(k) plan, profit sharing plan, and a substantial Paid Time Off (PTO) program.