Sr Threat Hunt Engineer

Northwestern MutualNew York, NY
$118,960 - $205,200Hybrid

About The Position

The Senior Threat Hunt Engineer is an advanced and highly trusted role supporting the enterprise cybersecurity program. As a member of Northwestern Mutual's Threat Hunting Program under the Threat Intelligence umbrella, the Senior Threat Hunt Engineer is primarily responsible for developing and maintaining the operational and technical foundation of the program including automation, tooling integration, detection handoff pipelines, and AI-assisted hunt workflows. Grounded in threat intelligence and hunt experience, the Senior Threat Hunt Engineer also executes proactive and signal-driven hunts across endpoint, network, cloud, and identity telemetry, translating findings into durable detections and institutional knowledge. This role works closely with internal technical teams — including Threat Intelligence, Detection & Response, Detection Engineering, Adversarial Simulation, Purple Team, Incident Command, and Governance, Risk & Compliance — and with peer organizations, industry-sharing groups, and law enforcement affiliations where appropriate. The Senior Threat Hunt Engineer supports the hunt community across Cyber Defense, contributes engineering rigor to hunt artifacts, and ensures repeatable, version-controlled hunt processes as the program matures from manual to increasingly automated operations.

Requirements

  • A minimum of 5-10 years in threat intelligence, threat hunting, incident response, or detection engineering, with meaningful experience across both threat intelligence and threat hunting disciplines.
  • Bachelor's degree in computer science, cybersecurity, engineering, or a related field (or equivalent experience).
  • Deep hands-on experience running proactive and signal-driven hunts across SIEM, EDR, network, cloud, and identity telemetry in enterprise environments.
  • Strong scripting and automation skills; Python required, with additional experience in PowerShell, Bash, or equivalent a plus.
  • Deep hands-on experience with enterprise SIEM search languages, including advanced query development, dashboard building, saved searches, alerting, and query optimization at enterprise scale.
  • Hands-on experience developing and consuming REST APIs across security tooling — including work-tracking, collaboration, ticketing, SIEM, EDR, and threat intelligence platforms.
  • Demonstrated experience building event-driven automation using webhooks or similar integration patterns.
  • Experience building, integrating, and maintaining security tooling and workflows at enterprise scale.
  • Working knowledge of version control workflows, branching strategies, and code review practices.
  • Ability to write clear technical documentation for automation and integrations, including runbooks for maintenance and troubleshooting.
  • Ability to communicate complex findings clearly to both technical and leadership audiences.
  • Advanced analytical reasoning skills.
  • Applicable knowledge of adversary tactics, techniques, and procedures (TTPs), the MITRE ATT&CK framework, the unified kill chain, and open-source intelligence (OSINT).
  • Hands-on experience with SIEM, intrusion detection/prevention systems, threat intelligence platforms, and security orchestration and automation platforms.
  • Ability to analyze host, network, cloud, and identity telemetry; strong understanding of operating system internals; working knowledge of malware behavior, vulnerabilities, and exploitation techniques.
  • Experience with incident collaboration, adversary tooling, and threat-informed defense methodology.
  • Capable of working with diverse teams across Cyber Defense; comfortable operating in a cross-team enablement role rather than a single-team hunt queue.
  • Demonstrated understanding of network, host, cloud, and identity cybersecurity solutions.
  • Ability to maintain a high level of integrity, trustworthiness, and confidence, with the highest level of professionalism.
  • Strong project management, multitasking, and organizational skills with minimum guidance.
  • Ability to preserve credibility with the team and external constituents through sustained industry knowledge.
  • Self-starter requiring minimal supervision.

Nice To Haves

  • Experience with AI-assisted security workflows and appropriate operational guardrails.
  • Familiarity with structured, version-controlled hunt methodologies.
  • Experience building and maintaining CI/CD pipelines for security content.
  • Experience building or contributing to a new or evolving threat hunt or detection engineering program, as opposed to only operating within an established one.
  • Experience with SOAR platforms and playbook development.
  • Experience with cloud-native security tooling and cloud API integration.
  • Experience in financial services or another regulated industry.
  • Contributions to open-source security tooling, published research, or public threat intelligence.
  • Relevant certifications such as GCTI, GCIH, GCFA, GCIA, GCDA, OSCP, CEH, or CISSP are a plus.
  • Cloud-focused security certifications (e.g., AWS Security Specialty, GCP Professional Cloud Security Engineer) are also valued.

Responsibilities

  • Maintain and mature the operational hunt framework used across Cyber Defense.
  • Build, document, and refine the templates, integrations, and standards hunters from multiple teams follow.
  • Design, build, and maintain integrations and automation across the hunt lifecycle — spanning work-tracking, collaboration, ticketing, knowledge management, SIEM, EDR, threat intelligence platforms, and reporting.
  • Execute hunts and support the hunt community across teams.
  • Perform proactive and signal-driven hunts, respond to hunt questions from hunters across Cyber Defense, and partner with Threat Intelligence to translate hunt-informed analysis into actionable intelligence.
  • Synthesize hunt outcomes into cross-hunt correlations, control gap identification, and inputs to future hunts and detections.
  • Partner with detection engineering to translate hunt findings into production rules and analytics.
  • Contribute detection candidates through the established handoff pipeline.
  • Consume and apply threat intelligence to hunt activity.
  • Track adversary and threat cluster TTPs relevant to Northwestern Mutual, prioritize what matters, and translate intel into hunt hypotheses.
  • Mentor analysts and junior hunters.
  • Pair on investigations, lead technical deep-dives, and grow the hunt capability across teams.
  • Report on program outcomes.
  • Communicate findings to internal stakeholders — what was found, what was contained, where detection coverage gaps exist, and what was changed as a result.
  • Evaluate, integrate, and maintain security tooling used by the Threat Hunting Program, including threat intelligence platforms, enrichment services, and hunt-supporting analytical tools.
  • Evaluate and integrate AI to accelerate hunt workflows, including hypothesis drafting, MITRE ATT&CK mapping suggestion, query generation, and summarization, with appropriate human review and tracking.
  • Research current and emerging cyber threats facing the business and industry sector.
  • Track threat actors, threat clusters, and associated malware families relevant to Northwestern Mutual and the financial services sector.
  • Document threats into contextual reports outlining severity, urgency, and impact, and ensure they can be understood by both leadership and technical teams.
  • Serve as a trusted advisor to maintain credibility with business unit leadership and technical teams.
  • Actively inform and engage in security projects across the business to disrupt active or potential threats.
  • Participate in collaborative threat analysis discussions with internal and external trusted entities.
  • Perform other duties as assigned.

Benefits

  • Pay Range - Start: $118,960.00
  • Pay Range - End: $178,440.00
  • Geographic Specific Pay Structure: Structure 110: $130,880.00 USD - $196,320.00 USD
  • Geographic Specific Pay Structure: Structure 115: $136,800.00 USD - $205,200.00 USD
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service