About The Position

Your role at CDW is of the utmost importance to the company’s mission, objectives, and reputation. As a Sr. Security Engineer I of Threat Detection and Response, you will act as a lead incident responder, handling advanced investigations, containment, data correlation, and mentoring CSOC analysts during escalations and shift changes. The position also leads proactive threat detection engineering and threat hunting activities to identify emerging threats and strengthen the organization’s overall detection capabilities. It is responsible for continuously assessing detection posture—identifying coverage gaps, improving telemetry quality, refining detection logic, and driving cross‑team improvements to ensure high‑fidelity, risk-aligned detection. The analyst applies threat intelligence to enrich investigations and informs detection strategy while enhancing playbooks and automation across CSIRT and CSOC workflows. Additionally, the role leverages AI and agentic automation to streamline triage, accelerate analysis, and reduce manual effort across detection and response functions.

Requirements

  • Bachelor’s degree and 5 years of Threat Detection and Incident Response experience, OR 9 years of IT experience, of which 7 years should be in Threat Detection and Incident Response.
  • Demonstrated experience with threat intelligence platforms, SIEM, and other cybersecurity tools and technologies such as the following: Microsoft Defender, CrowdStrike XDR, Palo Alto XSIAM, Microsoft Sentinel, Microsoft Azure Active Directory, Splunk.
  • Demonstrated experience and understanding of threat hunting techniques, including the use of EDR tools, network traffic analysis, and other techniques.
  • Experience with the MITRE ATT&CK framework and techniques.
  • Excellent verbal and written communication skills, with the ability to effectively interact with all coworkers and stakeholders.
  • Strong analytical and problem-solving skills, with the ability to think strategically and creatively.
  • Ability to prioritize work and handle multiple tasks simultaneously in a fast-paced, diverse, and growth-oriented environment.

Nice To Haves

  • Current and relevant cybersecurity certifications such as the following are a plus: GIAC Incident Handler (GCIH), GIAC Certified Forensic Analyst (GCFA), Microsoft Azure.

Responsibilities

  • Threat Detection and Incident Response: Conduct comprehensive alert investigations by correlating data from multiple sources, including SIEM, EDR, firewalls, DNS, and identity logs. Independently assess potential incidents applying advanced analytical judgement. Implement containment measures through EDR and network controls, mitigate lateral movement risks, and provide comprehensive support across all phases of the NIST IR lifecycle with limited supervision. Ensure comprehensive documentation, accurate timelines, and clear communication are delivered to leadership, Tier 3 personnel, and cross-functional stakeholders during incident management. Utilize threat intelligence, including IOC enrichment, TTP mapping, and actor profiling, to enhance the context of investigations and increase the accuracy of detection. Oversee CSOC escalations throughout the shift, mentor Tier 1 analysts, and facilitate effective handoffs during shift transitions. Leverage AI copilots and agentic automation to accelerate triage, summarize investigations, enrich alerts, and validate findings to reduce manual workload.
  • Threat Detection Engineering: Design, optimize, and validate detection logic—including queries, alerts, and correlation rules—across SIEM/XDR platforms; provide recommendations for enhancements informed by recurring patterns identified during investigations. Assess false positives and suggest tuning strategies based on trends, MITRE ATT&CK mapping, and business context. Collaborate with CSIRT/TDR leaders to enhance playbooks, SOPs, and automation workflows based on real‑world incidents and data insights. Employ scripting languages such as Python or PowerShell to streamline routine detection tasks, including log parsing and data enrichment, in accordance with higher standards of technical proficiency. Partner with Threat Intelligence to identify relevant TTPs and ensure detection coverage aligns with emerging threats and campaigns. Apply AI‑assisted detection engineering to generate, test, and optimize detection rules, leveraging generative AI to accelerate logic creation and improve long-term detection posture.
  • Threat Hunting: Conduct proactive, hypothesis‑driven hunts using behavioral analytics, MITRE ATT&CK mapping, and telemetry across endpoints, network, identity, and cloud systems. Actively participate in and lead portions of purple‑team style hunting activities, including identification of gaps and iterative improvement of detection logic and data coverage. Conduct comprehensive log analysis (including Sysmon, auditd, DNS, proxy, NetFlow, and EDR telemetry) to identify sophisticated attacker activities that may evade alert detection. Use threat intelligence (campaign tracking, actor profiling, IOC/TTP analysis) to inform hunting hypotheses and identify early indicators of adversary activity. Document hunting outcomes, provide insights to leadership, and contribute to ongoing capability maturity efforts across the CSIRT and CSOC. Employ AI/agentic tooling to generate hunting hypotheses, enrich datasets, automate pivoting, and accelerate pattern recognition during hunts.
  • Detection Posture Management: Continuously assess detection coverage across tools, data sources, and threat categories; identify gaps and recommend strategic improvements. Monitor detection effectiveness using KPIs such as false positive rates, detection latency, incident patterns, and threat campaign applicability. Collaborate with engineering, CSIRT, and CSOC leadership to ensure telemetry quality, log source onboarding, and alignment with organizational risk priorities. Maintain oversight of data correlation capabilities and ensure tuning aligns with business context and emerging adversary techniques. Drive continuous improvement of detection and response processes, leveraging expertise to influence cross‑team strategy and operational outcomes. Use AI‑driven posture assessment (e.g., AI gap analysis, AI‑generated coverage maps) to optimize detection quality and automate recurring posture evaluations.

What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Number of Employees

5,001-10,000 employees

© 2024 Teal Labs, Inc