Sr. Manager, Threat Engineering

Tory Burch, Jersey City, NJ

About The Position

We are seeking a technically authoritative security leader to lead the Threat Engineering pillar. This role is a clear technical step above traditional security engineering or SOC leadership. You will be accountable for threat modeling, detection strategy, identity-centric security, data governance, privacy engineering, audit-aligned control assurance, and adversarial validation. While incident response execution is handled primarily by MSSPs, you will retain authority over detection quality, escalation models, risk-based prioritization, and consequence management.

Requirements

  • Bachelor’s degree in computer science, engineering, information security, or equivalent practical experience.
  • 10+ years of progressive experience in threat engineering, detection engineering, advanced security engineering, or closely related roles in complex cloud and identity-centric environments.
  • Advanced expertise in threat modeling, threat hunting, and adversarial techniques across enterprise networks, Microsoft 365, GCP, CI/CD pipelines, ERP platforms, and data environments.
  • Demonstrated experience applying MITRE ATT&CK or similar frameworks to operational threat management and adversarial validation programs.
  • Strong technical depth in identity and access management, non-human identities, cloud security, configuration management, runtime security, data governance, and AI-related risk.
  • Proven ability to interrogate architectures, challenge red and purple team outputs, and translate findings into concrete mitigations.
  • Demonstrated ability to lead technical staff while remaining deeply engaged in threat strategy, adversarial analysis, governance, audit assurance, and executive consequence management.

Nice To Haves

  • Professional certifications such as CISSP, OSCP, GWAPT, or similar are highly desirable.

Responsibilities

  • Own enterprise threat management and threat modeling, identifying relevant adversaries, tactics, techniques, and procedures and ensuring those models actively drive detection engineering, vulnerability prioritization, and governance decisions.
  • Apply frameworks such as MITRE ATT&CK pragmatically, with emphasis on identity-based attack paths, cloud-native threats, insider abuse, supply chain compromise, and AI-enabled abuse.
  • Serve as the lead authority for detection strategy across human and non-human identities, including service accounts, workloads, APIs, pipelines, and agentic systems.
  • Define and drive a threat capability maturity model covering detection, response, identity security, data governance, privacy, third-party risk, and crisis readiness.
  • Ensure identity telemetry, privilege use, token issuance, and anomalous behavior are first-class detection concerns across networks, Microsoft 365, GCP, and enterprise platforms.
  • Lead and mentor a Detection Engineer and partner with the Privacy, Risk & Control Engineer, ensuring threat, privacy, compliance, and audit activities are tightly integrated.
  • Remain hands-on in defining, validating, and tuning detections across identity, cloud, endpoint, network, application, and data layers, ensuring detections are adversary-driven, high-fidelity, and operationally actionable.
  • Own and actively challenge red team, purple team, and penetration testing activities, ensuring they reflect realistic adversary behavior, current threat conditions, and meaningful business impact.
  • Design, lead, and facilitate consequence-driven tabletop exercises focused on real threat scenarios, escalation breakdowns, decision authority, and business impact.
  • Establish and maintain working partnerships with internal and external crisis and incident management stakeholders, including MSSPs, legal counsel, communications, insurance providers, and executive leadership.
  • Optimize the organization’s security stack and managed security service providers to ensure full visibility, integration, and coverage.
  • Challenge runtime security assumptions, configuration quality, and alert effectiveness, driving automation and workflow improvements that reduce MTTR and eliminate blind spots.
  • Own risk-based threat and vulnerability management, ensuring remediation priorities reflect exploitability, adversary relevance, identity exposure, and business context rather than severity scores alone.
  • Develop and deliver executive-level threat and risk reporting, including clear KPIs and key security factors that communicate detection effectiveness, control maturity, incident readiness, audit posture, and residual risk to both technical and business audiences.

Benefits

  • Generous benefits to help you take care of your mental and physical health, create financial security, and achieve wellness in all areas of your life.
  • Generous employee discount
  • Access to exclusive sample sales
  • Free executive coaching on-demand
  • Opportunities to give back through the Tory Burch Foundation and paid volunteer days.