Embrace the challenge of maintaining robust digital security, driving operational excellence, and implementing cutting-edge solutions in cybersecurity.

 

As a Vice President - Threat Detection Engineer you will contribute deep expertise in adversary behavior, strong security engineering  and data analysis skills, and the ability to convert threat intelligence into effective detection. You will regularly collaborate with cross-functional teams to develop a coordinated approach to security, ensuring the integrity, confidentiality, and availability of sensitive data and systems. You will apply advanced analytical, technical, and problem-solving skills to enable operational excellence and implement innovative solutions to address complex security challenges. By staying current with industry best practices, policies, and procedures, you will contribute to maintaining a secure digital environment and driving continuous improvement in the firm.

Collaborating closely with Security Operations Center (SOC) analysts, threat hunter, red team members, and internal security engineering teams, you will develop scalable, high-fidelity detections using logs, telemetry, and behavioral analytics from diverse data sources. The ideal candidate will have SOC experience, a passions for researching TTPs and the threat landscape, and the ability to translate this research into high-quality detections. 

As a Threat Detection Engineer, your responsibilities will include advanced analysis, threat hunting, evaluating new security technologies, and ensuring the integration of larger technology projects into the Cyber Defense team and monitoring function. You will apply advanced analytical, technical, and problem-solving skills to achieve operations excellence. 

Job responsibilities

Execute and influence the design of comprehensive security strategies, policies, and procedures to enhance threat detection capabilities and protect the organization's digital assets and infrastructure from cybersecurity threatsDesign, implement, and continuously refine advanced threat detection rules, logic, and models in SIEM, EDR, and cloud-native platforms (e.g., Splunk, Sentinel, CrowdStrike, AWS/Azure/GCP). Utilize detection-as-code- pipelines and SRE principles to build and maintain detections with appropriate versioning, QA, and testing workflows.Perform threat model review, architecture reviews and detection gap assessments. Operationalize MITRE ATT&CK mappings, threat intel insights, and adversary simulations results to develop precise detection logic. Proactively monitor and analyze complex data and systems to identify indicators of vulnerabilities and compromises, utilizing advanced tools and techniques to detect anomalies and contribute to the development of strategies for security investigation, threat mitigation, and incident responseCollaborate with cross-functional teams to ensure a coordinated approach to security, sharing insights, and promoting best practices across the organizationEvaluate and enhance the organization's security posture by staying current with industry trends, emerging threats, and regulatory requirements, driving innovation and process improvements.

Required qualifications, capabilities, and skills

Obtain 5+ years of experience in cybersecurity operations, with a focus on threat detection, incident response, and security infrastructure management, or SOC operations. Demonstrated expertise in multiple security domains, including network security, malware analysis, threat hunting, and security architecture and design, with proficiency in using Security Information and Event Management (SIEM) tools and advanced analytics techniquesAdvanced knowledge of network and infrastructure configuration/security, including experience in designing and implementing security solutions for on-premises, cloud, or hybrid environments

Preferred qualifications, capabilities, and skills

Experience with detection-as-code methodologies and tools (e.g., Git-based pipelines, CI/CD for security content).Background in cloud security (AWS/GCP/Azure), particularly around detection and log correlation in IaaS and SaaS environments.Familiarity with SOAR platforms, and anomaly-based detection techniques.Experience leveraging Large Language Models (LLMs) for security use cases such as log parsing, alert triage, threat narrative generation, or threat intelligence summarization.Experience in integrating LLMs into detection workflows to enhance context enrichment, rule generation, or automated investigation support.