Lead, Cyber Defense & Response

Prudential Financial, Newark, NJ

About The Position

Are you interested in building capabilities that enable the organization with innovation, speed, agility, scalability and efficiency? The Global Technology team takes great pride in our culture where digital transformation is built into our DNA! When you join our organization at Prudential, you’ll unlock an exciting and impactful career – all while growing your skills and advancing your profession at one of the world’s leading financial services institutions.

Your Team & Role

The Threat Hunting Lead will report to the Director of Threat Hunting and will serve as a senior technical lead and driver for proactive threat hunting operations across on-prem and cloud environments. This role is responsible for leading complex hunts end-to-end (hypothesis development, telemetry validation, analytic execution, and operationalization), mentoring other hunters, and partnering closely with Cyber Threat Intelligence, Incident Response and Detection Engineering, and improving enterprise detection, response readiness, and visibility.

Requirements

  • 5+ years of experience in cyber threat hunting, incident response, detection engineering, or security operations in large enterprise environments.
  • Demonstrated experience conducting investigations across endpoint, identity, network, and cloud telemetry in complex environments.
  • Strong proficiency with at least one major SIEM/XDR ecosystem and advanced query authoring; hands-on experience with Splunk SPL and/or Microsoft KQL strongly preferred.
  • Working knowledge of attacker tradecraft, including credential access, persistence, lateral movement, defense evasion, command-and-control, and data exfiltration techniques.
  • Strong understanding of adversarial frameworks including MITRE ATT&CK and Lockheed Martin’s Cyber Kill Chain, and ability to apply them to analytic development and hunting.
  • Experience designing or improving hunt programs, including workflow/process, metrics, reporting, and knowledge management.
  • Industry Standard certifications (one or more), such as: GIAC GCIA, GMON, GX-IA, GCED, GX-CX, GCIH, GCFE, GCFA, GEIR, GCFR, GNFA, GCTI, GCTD, GCFR, GCPN, GPEN, GXPN; Microsoft SC-200, AZ-500; CompTIA Cybersecurity Analyst (CySA+)

Responsibilities

  • Lead proactive threat hunts across enterprise environments (on-prem and cloud), including Active Directory/Entra, M365, Azure, AWS, endpoints, identity, network, and application telemetry.
  • Develop and refine hunt hypotheses based on emerging threats, adversary TTPs, vulnerability exploitation trends, and internal detections/incident learnings; map activity to frameworks such as MITRE ATT&CK and the Cyber Kill Chain.
  • Execute advanced investigations and log analytics using SIEM/XDR platforms; leverage Splunk SPL and Microsoft KQL to identify suspicious patterns, perform pivoting, and validate attack paths.
  • Operationalize outcomes by translating hunt findings into durable defensive improvements: candidate detections/use-cases, analytic content, prioritized telemetry gaps, and actionable response guidance for IR/CSOC.
  • Partner with Cyber Threat Intelligence to convert intelligence into environment-specific hunting plans, tracking, and measurable coverage (e.g., techniques, telemetry sources, and control validations).
  • Partner with Detection Engineering to develop, test, and tune detection logic, including supporting documentation, test cases, and validation against realistic adversary behaviors.
  • Drive visibility and resiliency improvements by identifying logging and data quality deficiencies, prioritizing remediation with stakeholders, and validating that required telemetry is consistently available.
  • Provide technical leadership and coaching to threat hunting staff, including reviewing analytic approaches, promoting repeatable methodologies, and uplifting standards for documentation and knowledge sharing.
  • Communicate clearly to stakeholders by producing concise executive summaries and detailed technical write-ups, and by briefing leadership and technical partners on risk, scope, and recommended actions.
  • Support incident response as needed by performing adjacency and scoping hunts during active incidents to prevent under-scoping and to identify persistence, lateral movement, and follow-on activity.
  • Contribute to program maturity by improving playbooks, workflows, metrics, and reporting for threat hunting operations (e.g., coverage progress, outcomes, and time-to-insight).

Benefits

  • Market competitive base salaries, with a yearly bonus potential at every level.
  • Medical, dental, vision, life insurance, disability insurance, Paid Time Off (PTO), and leave of absences, such as parental and military leave.
  • 401(k) plan with company match (up to 4%).
  • Company-funded pension plan.
  • Wellness Programs including up to $1,600 a year for reimbursement of items purchased to support personal wellbeing needs.
  • Work/Life Resources to help support topics such as parenting, housing, senior care, finances, pets, legal matters, education, emotional and mental health, and career development.
  • Education Benefit to help finance traditional college enrollment toward obtaining an approved degree and many accredited certificate programs.
  • Employee Stock Purchase Plan: Shares can be purchased at 85% of the lower of two prices (Beginning or End of the purchase period), after one year of service.