VP, Cyber Intelligence Leader

About The Position

Requirements

• Bachelor’s degree in computer science or an equivalent degree and a minimum 5 years of work
• 8–12+ years of cybersecurity experience with depth in threat intelligence, threat hunting, detection engineering, and/or incident response.
• 3+ years leading teams and/or enterprise programs with measurable outcomes.
• Demonstrated experience building and operationalizing detections within a SIEM/EDR environment and partnering with SOC/IR.
• Strong knowledge of adversary tactics and frameworks (MITRE ATT&CK) and applying them to detection coverage.
• Proficiency working with security telemetry across endpoint, network, cloud, and edge; strong investigative mindset.
• Strong written and verbal communication skills; ability to brief executives and produce clear technical documentation/runbooks.
• Ability and flexibility to travel for business as required

Nice To Haves

• Experience establishing a detection engineering lifecycle (standards, testing, tuning, change control, coverage reporting).
• Detection content engineering expertise; familiarity with data models/normalization and scalable detection design.
• Financial services and/or regulated industry experience; audit-ready documentation and governance mindset.
• Certifications (preferred): GIAC (GCTI/GCIA/GCIH/GNFA), CISSP, CCSP, or similar.
• Strong technical knowledge of scripting languages and data access methodologies.
• Awareness of the latest cyber security trends and developments.
• US Government Security Clearance, as a plus.

Responsibilities

• Define intelligence requirements and collection plans focused on threats relevant to financial services and Synchrony’s environment.
• Produce strategic, operational, and tactical intelligence (executive reporting, actor/campaign tracking, TTP and IOC packages).
• Translate intelligence into detection content, hunt hypotheses, response playbooks, and prioritized mitigations.
• Manage the intelligence lifecycle (collection → analysis → production → dissemination → feedback).
• Lead hypothesis-driven hunts mapped to MITRE ATT&CK, focused on high-risk scenarios and validated by available telemetry.
• Coordinate hunts across endpoint, network, cloud, identity, and edge/WAF; document repeatable hunt playbooks.
• Escalate validated suspicious activity to Incident Response and support containment/remediation as needed.
• Convert hunt findings into durable improvements: detections, data onboarding/enrichment, and control remediation.
• Lead a detection engineering function responsible for building and maintaining detection content and analytics across the enterprise.
• Develop detection standards (naming, severity, testing criteria, evidence requirements, runbooks) and a structured tuning process.
• Ensure detections are threat-informed (ATT&CK-mapped), measurable, and aligned to JSOC workflow and triage capacity.
• Drive detection validation through purple-team/attack simulation outcomes and real incident lessons learned.
• Partner with SOC to improve alert fidelity, reduce noise, and ensure clear escalation criteria and responder guidance.
• Maintain a detection backlog and release cadence; ensure change control and documentation for auditability.
• Perform other duties and/or special projects as assigned.

Benefits

• eligible for an annual bonus based on individual and company performance
• option to work from home near one of our Hubs or come into one of our offices
• support and encouragement at all levels of the organization
• provided with the tools and technology to grow your career