Cyber Threat Hunter

Dow Chemical, Midland, TX
2d

About The Position

At Dow, we believe in putting people first and we’re passionate about delivering integrity, respect and safety to our customers, our employees and the planet. Our people are at the heart of our solutions. They reflect the communities we live in and the world where we do business. Their diversity is our strength. We’re a community of relentless problem solvers that offers the daily opportunity to contribute with your perspective, transform industries and shape the future. Our purpose is simple - to deliver a sustainable future for the world through science and collaboration. If you’re looking for a challenge and meaningful role, you’re in the right place.

Dow (NYSE: DOW) is one of the world’s leading materials science companies, serving customers in high-growth markets such as packaging, infrastructure, mobility and consumer applications. Our global breadth, asset integration and scale, focused innovation, leading business positions and commitment to sustainability enable us to achieve profitable growth and help deliver a sustainable future. We operate manufacturing sites in 30 countries and employ approximately 36,000 people. Dow delivered sales of approximately $43 billion in 2024. References to Dow or the Company mean Dow Inc. and its subsidiaries. Learn more about us and our ambition to be the most innovative, customer-centric, inclusive and sustainable materials science company in the world by visiting www.dow.com.

About you and this role

Dow has an exciting opportunity for a Cyber Threat Hunter located in Midland, MI. As a Cyber Threat Hunter, you will serve as a proactive defender within the Cybersecurity Operations Center (CSOC), reporting to the CSOC Operations Leader. On top of day-to-day investigations and incident response, this position focuses on hypothesis-driven hunting to uncover advanced threats that evade automated detection.
You will lead threat-hunting initiatives, collaborate with the Dow red team to emulate adversary tactics, and act as a focal point for advanced detection strategies across the team. Your mission is to anticipate, identify, and neutralize sophisticated adversaries by leveraging threat intelligence, behavioral analytics, and forensic techniques. This role demands curiosity, creativity, and technical depth to stay ahead of evolving attack methodologies.

Requirements

  • A minimum of a bachelor’s degree or relevant military experience at or above a U.S. E5 ranking or Canadian Petty Officer 2nd Class or Sergeant OR a minimum of 3 total years of relevant IT experience in lieu of a Bachelor's degree.
  • A minimum of 2 years of experience in cybersecurity
  • Able to be available for on-call rotation as needed
  • A minimum requirement for this U.S.-based position is the ability to work legally in the United States. No visa sponsorship/support is available for this position
  • Cyber Threat Hunting – Proactively searching for advanced threats that evade automated detection by leveraging hypothesis-driven techniques, threat intelligence, and behavioral analytics.
  • Adversary Tactics & Framework Knowledge – Deep understanding of TTPs and frameworks like MITRE ATT&CK, Cyber Kill Chain, and PEAK to anticipate and counter sophisticated attacks.
  • Incident Response & Forensic Analysis – Handling cybersecurity investigations and performing deep-dive analysis of network traffic, endpoint telemetry, and identity logs to uncover adversarial behaviors.
  • Detection Logic Crafting – Developing and refining detection logic for SIEM and EDR platforms, including writing custom rules and queries to improve threat visibility.
  • Collaborative Communication – Effectively partnering with the Dow red team, threat intelligence team, and presenting technical findings to both technical and executive audiences.

Nice To Haves

  • Strong understanding of adversary tactics, techniques, and procedures (TTPs) and frameworks such as MITRE ATT&CK, Cyber Kill Chain, and PEAK Threat Hunting Framework
  • Experience with Microsoft Sentinel, Defender XDR, and threat intelligence platforms; ability to write custom detection rules and queries
  • Familiarity with memory forensics, malware analysis, and reverse engineering concepts
  • Ability to develop hypotheses and conduct hunts without relying on pre-existing alerts
  • Comfortable presenting technical findings to both technical and executive audiences
  • Familiarity with OT concepts and adversarial threats.
  • GCTI (GIAC Cyber Threat Intelligence), GCFA (GIAC Forensic Analyst), CompTIA CySA+, or Certified Cyber Threat Hunting Professional (CCTHP)

Responsibilities

  • Handle escalations and determine response actions for cybersecurity incidents
  • Collect threat intelligence and convert it to actionable content
  • Participate in table-top exercises, ethical hacking, and cyber-range training
  • Lead hypothesis-driven hunts based on MITRE ATT&CK and emerging TTPs
  • Perform deep-dive analysis of network traffic, endpoint telemetry, and identity logs to uncover and analyze adversarial behaviors
  • Develop and refine detection logic for SIEM and EDR platforms
  • Collaborate with threat intelligence teams to operationalize indicators of compromise (IOCs) and adversary emulation plans
  • Construct adversary emulation scenarios to validate detection coverage and identify gaps
  • Document hunt methodologies and findings to strengthen organizational resilience and inform future hunts

Benefits

  • Equitable and market-competitive base pay and bonus opportunity across our global markets, along with locally relevant incentives.
  • Benefits and programs to support your physical, mental, financial, and social well-being, to help you get the care you need...when you need it.
  • Competitive retirement program that may include company-provided benefits, savings opportunities, financial planning, and educational resources to help you achieve your long-term financial goals.
  • Employee stock purchase programs (availability varies depending on location).
  • Student Debt Retirement Savings Match Program (U.S. only). Dow will take the value of monthly student debt payments and apply them as if they are contributions to the Employees’ Savings Plan (401(k)), helping employees reach the Company match.
  • Robust medical and life insurance packages that offer a variety of coverage options to meet your individual needs. Travel insurance is also available in certain countries/locations.
  • Opportunities to learn and grow through training and mentoring, work experiences, community involvement and team building.
  • Workplace culture empowering role-based flexibility to maximize personal productivity and balance personal needs.
  • Competitive yearly vacation allowance.
  • Paid time off for new parents (birthing and non-birthing, including adoptive and foster parents).
  • Paid time off to care for family members who are sick or injured.
  • Paid time off to support volunteering and Employee Resource Group (ERG) participation.
  • Wellbeing Portal for all Dow employees, our one-stop shop to promote wellbeing, empowering employees to take ownership of their entire wellbeing journey.
  • On-site fitness facilities to help stay healthy and active (availability varies depending on location).
  • Employee discounts for online shopping, cinema tickets, gym memberships and more.
  • Transportation allowance (availability varies depending on location)
  • Meal subsidies/vouchers (availability varies depending on location)
  • Carbon-neutral transportation incentives, e.g. bike to work (availability varies depending on location)

What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Number of Employees

5,001-10,000 employees
