Engineer III, Cyber Threat Hunter

College Board
Remote

About The Position

As a Cyber Threat Hunter, you will play a hands-on role in defending the cloud and enterprise environments that power the Digital SAT, AP, and other high-stakes programs. You will work in an AWS-heavy environment at national scale, where detection quality, investigation speed, and clear documentation directly support exam integrity and student trust. This role exists to strengthen our detection and response capabilities. You will build and improve SIEM detections, execute structured threat hunts, and help validate controls through purple team exercises. You will contribute to incident investigations, refine response playbooks, and use automation to make our workflows faster and more reliable. You will partner closely with engineers, architects, and product teams to close visibility gaps and reduce risk in practical, measurable ways. Success in this role means fewer blind spots, higher fidelity alerts, and a cyber defense program that is proactive rather than reactive.

Requirements

  • 3 to 5 years of progressive experience in cyber defense, including threat hunting, detection engineering, and incident response in enterprise environments.
  • Strong cloud security experience in AWS-heavy environments, including building detections and investigations using cloud-native telemetry (for example CloudTrail, IAM, VPC Flow Logs, CloudWatch logs, and compute or container logs).
  • Hands-on experience developing, tuning, and maintaining SIEM detections and analytics, including writing high-quality queries, building dashboards, and improving signal-to-noise.
  • Ability to lead threat hunts end-to-end, including hypothesis creation, data collection, analysis, documentation of findings, and recommendations grounded in attacker TTPs and frameworks such as MITRE ATT&CK.
  • Experience supporting high-severity incident response, including triage, scoping, containment guidance, and deeper analysis, with comfort serving as an escalation point for complex investigations.
  • Practical knowledge of investigative and forensic methods, including log forensics, timeline analysis, evidence handling, and documentation, to support enterprise incident investigations and E-Discovery needs as required.
  • Experience planning or participating in purple team and detection validation activities to evaluate control effectiveness and improve alerting and response outcomes.
  • Ability to operationalize and optimize security tooling by integrating log sources, improving visibility, and aligning detection coverage to current threats and business risk.
  • Strong automation and scripting skills (for example Python, PowerShell, Bash) to streamline investigations, enrich alerts, and improve repeatability across hunting and response workflows.
  • Excellent written and verbal communication skills, including producing after-action reports, threat briefings, and clear, actionable remediation guidance for technical and non-technical stakeholders.
  • A collaborative mindset with experience partnering across engineering, architecture, and development teams, and mentoring junior analysts or engineers to raise team capability.
  • Candidates must be authorized to work in the United States for any employer and should possess clear and concise communication skills, both written and verbal.
  • Proficiency in Microsoft Suite tools is preferred, though a willingness to learn is equally valued.
  • We look for those with curiosity and enthusiasm for emerging technologies, particularly AI-driven solutions, and a proactive approach to independently learning and applying new digital tools.
  • Applicants should demonstrate the skills and mindsets aligned with College Board’s Operating Principles, reflecting a commitment to continuous growth, collaboration, and impact, notably:
      • A commitment to candid, timely, respectful feedback
      • A learner orientation and an openness to ideas and diverse perspectives
      • The ability to push for excellence through data-informed decision-making, iterative learning, external benchmarking and user inputs
      • Strong problem-solving skills, including the ability to break down complex issues and identify clear paths forward
      • A track record of prioritizing high-impact work, simplifying complexity, taking initiative, and making decisions quickly with clarity of purpose
      • A habit of collaborating across differences, practicing empathy, and contributing to a culture of trust and shared success

Nice To Haves

  • Relevant certifications (for example GCIA, GCIH, GNFA, AWS Security Specialty, Security+).
  • Experience securing modern cloud workloads (containers and Kubernetes, serverless, and CI/CD pipelines) and detecting identity-based attacks in cloud environments.
  • Experience with Sumo Logic is strongly preferred.

Responsibilities

  • Execute hypothesis-driven threat hunts across AWS, identity, endpoint, and network telemetry, documenting findings and recommended control or detection improvements.
  • Build, tune, and maintain SIEM detections focused on high-risk behaviors such as IAM misuse, persistence, privilege escalation, and data access or exfiltration.
  • Reduce alert noise through structured tuning, baselining, and enrichment while preserving meaningful coverage.
  • Map detections and hunts to MITRE ATT&CK techniques to identify and close visibility gaps.
  • Support investigation and containment of security incidents, performing log analysis, scoping impact, and documenting findings.
  • Contribute to the development and refinement of incident response playbooks for common cloud and identity-based scenarios.
  • Produce clear after-action reports that identify root cause, control gaps, and prioritized remediation steps.
  • Participate in periodic tabletop or fire drill exercises to validate readiness and improve response coordination.
  • Participate in purple team exercises to validate detection effectiveness and help prioritize remediation of identified gaps.
  • Partner with offensive testing and engineering teams to translate findings into improved detections and hardened configurations.
  • Identify opportunities to strengthen logging, telemetry coverage, and control effectiveness across cloud and enterprise systems.
  • Develop lightweight automation and scripts to improve investigation speed, enrichment, and reporting consistency.
  • Maintain well-documented detection logic, hunt results, and response procedures to improve repeatability and team scalability.
  • Share threat insights and lessons learned with the broader security and engineering community through briefings or written updates.
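The responsibilities above (SIEM detections for IAM misuse and privilege escalation, noise reduction through baselining, and mapping each rule to MITRE ATT&CK) are the kind of work the role describes. The following is an added illustration and is not College Board's tooling or detection content: it runs three IAM-misuse rules over a handful of constructed CloudTrail-style records. The account ID, ARNs, IP addresses, the baselined CI role, and the admin-policy allow-list are all hypothetical; the CloudTrail field names (eventName, eventSource, userIdentity.arn, requestParameters, errorCode) are the real ones.

```python
"""Three IAM-misuse detections over constructed CloudTrail-style records.

Added example, not College Board code. Account ID, ARNs, IPs and the
baselined CI role are hypothetical; CloudTrail field names are real.
"""
from collections import Counter
from dataclasses import dataclass

# Managed policies whose attachment is treated as privilege escalation (assumption).
ADMIN_POLICY_ARNS = {"arn:aws:iam::aws:policy/AdministratorAccess"}

# Baseline: a hypothetical CI role that is expected to attach policies.
BASELINED_PRINCIPALS = {
    "arn:aws:sts::123456789012:assumed-role/CIDeployRole/github-actions",
}

ATTACH_POLICY_EVENTS = {"AttachUserPolicy", "AttachRolePolicy", "AttachGroupPolicy"}


@dataclass(frozen=True)
class Finding:
    rule: str
    technique: str   # MITRE ATT&CK technique ID
    actor: str       # userIdentity.arn
    detail: str
    event_time: str
    source_ip: str


def _target_of_policy_attach(params):
    # The attach call names exactly one of these principal types.
    for key in ("userName", "roleName", "groupName"):
        if key in params:
            return f"{key}={params[key]}"
    return "unknown"


def evaluate(records, baseline=BASELINED_PRINCIPALS, denied_threshold=3):
    """Return findings for: admin policy attached (T1098.003), access key
    created for another user (T1098.001), and repeated AccessDenied on
    IAM APIs by one actor (T1087.004, permission probing)."""
    findings, denied, first_denied = [], Counter(), {}

    for rec in records:
        if rec.get("eventSource") != "iam.amazonaws.com":
            continue  # this example only covers IAM telemetry
        identity = rec.get("userIdentity", {})
        actor = identity.get("arn", "unknown")
        params = rec.get("requestParameters") or {}
        name, when, ip = rec.get("eventName"), rec.get("eventTime", ""), rec.get("sourceIPAddress", "")

        if rec.get("errorCode") == "AccessDenied":
            denied[actor] += 1              # counted for every actor, baselined or not
            first_denied.setdefault(actor, (when, ip))
            continue                        # a denied call changed nothing

        # Rule 1: admin managed policy attached to a user, role or group.
        if name in ATTACH_POLICY_EVENTS and params.get("policyArn") in ADMIN_POLICY_ARNS:
            if actor not in baseline:       # baselined CI role is expected to do this
                findings.append(Finding("admin_policy_attached", "T1098.003", actor,
                                        _target_of_policy_attach(params), when, ip))

        # Rule 2: access key created for a user other than the caller.
        # Rotating your own key is normal; minting one for someone else is not.
        if name == "CreateAccessKey":
            caller_user = identity.get("userName")   # absent for assumed roles
            target_user = params.get("userName", caller_user)
            if target_user != caller_user:
                findings.append(Finding("access_key_for_other_user", "T1098.001", actor,
                                        f"userName={target_user}", when, ip))

    # Rule 3: a burst of AccessDenied on IAM APIs from one actor.
    for actor, count in denied.items():
        if count >= denied_threshold:
            when, ip = first_denied[actor]
            findings.append(Finding("iam_access_denied_burst", "T1087.004", actor,
                                    f"{count} denied IAM calls", when, ip))
    return findings


def _rec(time, name, actor_arn, params=None, ip="198.51.100.10", error=None, user_name=None):
    """Build a constructed CloudTrail-shaped record (sample data, not captured)."""
    rec = {"eventTime": time, "eventSource": "iam.amazonaws.com", "eventName": name,
           "userIdentity": {"arn": actor_arn,
                            "type": "AssumedRole" if ":assumed-role/" in actor_arn else "IAMUser"},
           "requestParameters": params or {}, "sourceIPAddress": ip}
    if user_name:
        rec["userIdentity"]["userName"] = user_name
    if error:
        rec["errorCode"] = error
    return rec


JDOE = "arn:aws:iam::123456789012:user/jdoe"
CI = "arn:aws:sts::123456789012:assumed-role/CIDeployRole/github-actions"
CONTRACTOR = "arn:aws:iam::123456789012:user/contractor"
ADMIN = "arn:aws:iam::aws:policy/AdministratorAccess"

SAMPLE_EVENTS = [  # constructed sample data
    _rec("2025-01-10T14:02:11Z", "AttachUserPolicy", JDOE, {"userName": "svc-backup", "policyArn": ADMIN},
         ip="203.0.113.45", user_name="jdoe"),
    _rec("2025-01-10T14:02:40Z", "CreateAccessKey", JDOE, {"userName": "svc-backup"},
         ip="203.0.113.45", user_name="jdoe"),
    _rec("2025-01-10T15:00:00Z", "CreateAccessKey", JDOE, {"userName": "jdoe"}, user_name="jdoe"),
    _rec("2025-01-10T16:10:05Z", "AttachRolePolicy", CI, {"roleName": "app-role", "policyArn": ADMIN}),
    _rec("2025-01-10T17:01:00Z", "ListUsers", CONTRACTOR, error="AccessDenied", user_name="contractor"),
    _rec("2025-01-10T17:01:02Z", "ListRoles", CONTRACTOR, error="AccessDenied", user_name="contractor"),
    _rec("2025-01-10T17:01:05Z", "GetAccountAuthorizationDetails", CONTRACTOR, error="AccessDenied",
         user_name="contractor"),
]

if __name__ == "__main__":
    for f in evaluate(SAMPLE_EVENTS):
        print(f"{f.event_time} {f.rule:<28} {f.technique} {f.actor} {f.detail} from {f.source_ip}")
```

Two design points worth noting. The baseline suppresses only rule 1 for the CI role: it is expected to attach policies, but it is not expected to mint access keys for users or to be denied repeatedly, so those rules still fire for it, which is what "preserving meaningful coverage" while tuning means in practice. And rule 3 counts denied calls before the suppression check, so an enumeration attempt through a baselined identity is not hidden by the allow-list.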

Benefits

  • Annual bonuses and opportunities for merit-based raises and promotions
  • A mission-driven workplace where your impact matters
  • A team that invests in your development and success