Cyber Threat Detection Specialist

King & Spalding, Atlanta, GA

About The Position

King & Spalding is a leading global law firm with a commitment to excellence, innovation, and the seamless delivery of legal services. We harness innovative technology and exceptional talent to meet the complex needs of our clients in a fast-paced and dynamic legal landscape. The Cyber Threat Detection Specialist is responsible for proactively identifying, investigating, and responding to advanced cyber threats targeting the organization. This role combines hands-on threat hunting, incident response, and intelligence-driven detection engineering, and requires experience with impersonation-based attacks against digital objects such as phone numbers, domains, and social media accounts.

Requirements

  • Proven & demonstrated experience in cyber threat hunting and incident response within enterprise environments.
  • Direct experience in responding to Microsoft Security incidents and alerts.
  • Strong background investigating email-based attacks.
  • Demonstrated experience using sandbox or DFIR lab environments for malware and artifact analysis.
  • Solid understanding of attacker tradecraft, threat actor behaviors, and modern attack techniques.
  • Ability to document and communicate complex technical findings clearly and concisely.
  • Experience developing or improving detection logic based on threat intelligence.
  • Familiarity with identity-centric attacks and cloud-based attack surfaces.
  • Knowledge of MITRE ATT&CK and its application to investigations and reporting.
  • Prior experience working in a SOC, CSIRT, or dedicated threat response team.
  • Minimum 5 years’ experience performing all required qualifications.
  • Analytical thinking and investigative rigor.
  • Strong written and verbal communication skills.
  • Ability to operate effectively during high-pressure incident response scenarios.
  • Attention to detail with a strong sense of operational urgency.
  • Collaboration across technical and non-technical teams.
  • Flexibility and prioritization skills to establish and meet business needs in an organized and timely manner.

Responsibilities

  • Proactively hunt for threat actors using telemetry, threat intelligence, and behavioral indicators across enterprise environments.
  • Leverage internal and external threat intelligence to develop, refine, and prioritize detection strategies.
  • Identify and respond to impersonation and brand abuse attacks targeting digital objects, including:
      • Domains and subdomains
      • Email identities and infrastructure
      • Phone numbers and SMS channels
      • Social media accounts and online platforms
  • Translate intelligence insights into actionable detections, alerts, and investigative hypotheses.
  • Lead and support investigations into cybersecurity incidents, including email attacks, account compromise, malware, phishing, spoofing, and other types of cyber-attacks.
  • Respond to security incidents within Microsoft Security tooling (e.g., Microsoft Defender, Microsoft Sentinel, Microsoft 365 security incidents).
  • Perform root cause analysis, define scope, execute containment, plan eradication, and complete recovery activities.
  • Collaborate with SOC, IT, Legal, and other stakeholders during active incidents.
  • Analyze message headers, sender infrastructure, authentication failures (SPF, DKIM, DMARC), and attacker tradecraft.
  • Conduct dynamic and static analysis of suspicious files and links using sandbox environments and DFIR labs.
  • Analyze malware behavior, persistence mechanisms, command-and-control patterns, and indicators of compromise (IOCs).
  • Apply DFIR methodologies to endpoint, identity, and cloud-based investigations.
  • Produce clear, accurate, and well-structured investigation reports documenting:
      • Incident timelines and findings
      • Adversary tactics, techniques, and procedures (TTPs)
      • Impact assessment and risk implications
      • Recommended remediation and prevention strategies
  • Tailor reporting and communication for multiple audiences, including security teams, leadership, and non-technical stakeholders.

Benefits

  • Health and wellness plan
  • Life and disability insurance
  • Flexible spending accounts
  • Health savings account
  • 401(k) plan
  • Profit sharing plan
  • Substantial Paid Time Off (PTO) program