Threat Engineer

Pluralsight
Hybrid

About The Position

We are a lean, fast-paced organization where security is paramount, but engineering velocity is sacred. We are looking for a highly adaptable Threat Engineer to take charge of our external attack surface, offensive security oversight, and human risk programs. In this role, you will act as the critical bridge between external threat landscapes and our internal engineering teams. You will operate our incoming threat intelligence, manage our corporate domain portfolio, coordinate our crowdsourced bug bounty program, and provide technical oversight for our outsourced penetration testing. Your job is to identify, validate, and ensure the neutralization of external threats and vulnerabilities before they impact our platform or our B2B trust.

Who you’re committed to being:

  • A Self-Starter with Radical Ownership: You don't wait for a ticket to tell you something is wrong. You hold the authority to detect gaps and resolve them.
  • A Technical Translator: You can interpret a complex exploit payload or an unprocessed intelligence report and convert it into actionable requirements for a developer.
  • A Balanced Pragmatist: You understand that "secure" shouldn't mean "slow." You strive to integrate security into the engineering workflow rather than obstructing it.
  • A Diligent Gatekeeper: You hold external vendors and researchers to a high standard, ensuring that every pentest and bug bounty report adds genuine value to our security posture.
  • Analytically Rigorous: You enjoy the "hunt"—whether it's tracking down a typosquatted domain or reproducing a sophisticated OWASP Top 10 vulnerability.

Requirements

  • Vulnerability Validation: Proven hands-on experience in manually assessing web application and cloud vulnerabilities. You should be comfortable reading code and executing payloads.
  • Program Management: Strong organizational discipline to manage external vendors and audit contractor workflows without needing direct authority.
  • Technical Breadth: A solid understanding of DNS configurations, web architectures, and how threat actors pivot through an external attack surface.
  • Strategic Thinking: Experience working on problems of diverse scope where you must devise solutions based on limited information or precedent.
  • Requires 5+ years of related or equivalent experience within security operations, threat intelligence, or product security; or 3+ years with an advanced degree.
  • Works on problems of diverse scope where analysis of information requires evaluation of identifiable factors.
  • Devises solutions based on limited information and precedent and adapts existing approaches to resolve issues.
  • Uses evaluation, judgment, and interpretation to select the right course of action.
  • Work is done independently and is reviewed at critical points.
  • Proven experience manually validating web application and cloud vulnerabilities.
  • Ability to critically review third-party pentest reports to ensure vendor quality and accuracy.
  • Strong organizational discipline to manage external testing vendors, audit contractor workflows, and drive cross-functional remediation efforts without requiring direct authority.
  • Experience managing corporate domain portfolios, DNS configurations, and digital brand protection strategies.

Nice To Haves

  • Threat Intelligence & Defense: GIAC Cyber Threat Intelligence (GCTI), CompTIA Cybersecurity Analyst (CySA+/SecurityX).
  • Offensive Security & AppSec: GIAC Web Application Penetration Tester (GWAPT), Offensive Security Certified Professional (OSCP), or CompTIA PenTest+.
  • Security Program & Audit Governance: Certified Information Systems Security Professional (CISSP), ISACA Certified Information Systems Auditor (CISA), or Certified Information Security Manager (CISM).

Responsibilities

Offensive Security & Bug Bounty Oversight

  • Govern Penetration Testing: Manage outsourced penetration testing programs, ensuring scopes align with compliance and business risk. Act as the primary technical point of contact to unblock vendors and ensure rigorous testing.
  • Audit Remediation: Oversee the vulnerability pipeline, ensuring findings are accurately translated into Jira tickets and tracking developer SLAs through to resolution.
  • Triage Bug Bounties: Act as the first line of defense for our crowdsourced vulnerability disclosure program, reproducing and validating exploit reports from external researchers.

Threat Intelligence & Brand Protection

  • Monitor & Analyze: Daily triage of our Threat Intelligence Platform (TIP) for credential exposures and active exploits. You’ll translate raw intelligence into proactive defensive measures.
  • Domain Administration: Serve as the primary admin for our Enterprise Domain Management platform, handling registrations, renewals, and DNS security (DNSSEC, DMARC, etc.).
  • Takedown Management: Actively monitor for typosquatting and brand impersonation, initiating takedowns when malicious intent is confirmed.

Human Risk & Awareness

  • Phishing Simulations: Design and analyze organizational phishing campaigns to improve employee resilience.
  • Incident Escalation: Serve as the lead investigator for user-reported phishing and social engineering attempts.

Benefits

  • competitive compensation
  • bonus eligibility
  • comprehensive medical coverage
  • unlimited PTO
  • wellness reimbursement
  • professional development funds