Sr. Cybersecurity Engineer- Threat Engineer- Remote

Job Overview:
This Cybersecurity Engineer Senior – Threat Engineer focuses on proactively identifying, investigating and neutralizing sophisticated cyber threats that evade traditional defenses. Responsible for threat research, threat hunting, digital forensics, malware analysis, full-cycle incident response, and leading purple team exercises to collaboratively test, validate and enhance detection/response capabilities. The position plays a critical role in minimizing adversary dwell time, closing detection gaps, and strengthening organizational resilience against advanced persistent threats (APTs), ransomware, nation-state actors, and emerging attack techniques.

The role functions as part of the Cybersecurity Operations team and collaborates cross-functionally with Threat Intelligence, Threat Emulation, GRC, Cybersecurity Architecture and Engineering teams to secure and defend against existing and emerging threats to the organization. The role is expected to independently lead engagements from conception to completion, communicate technical details to partners and senior leadership, mentor junior staff, and provide technical direction to the program

Job Responsibilities

Incident Response & Containment
• Serve as lead or escalation responder for high-severity incidents, including ransomware, data breaches, APT intrusions, and insider threats
• Lead scoping, containment, eradication, and recovery efforts in coordination with cross-functional teams
• Reconstruct attack timelines, correlate events across sources, and produce detailed root cause analyses and executive reports

Advanced Threat Research
• Partner with Threat Intelligence to conduct in-depth research on emerging threats, attack vectors, threat actor TTPs, and indicators of compromise
• Identify emerging and persistent threats to the organization's networks, systems, and applications
• Map adversary behaviors to frameworks such as MITRE ATT&CK, D3FEND, and Cyber Kill Chain

Proactive Threat Hunting
• Lead and execute threat hunting campaigns across endpoints, networks, cloud environments, identity systems, and logs to uncover hidden threats and signs of compromise
• Analyze large-scale telemetry (EDR, SIEM, UEBA, system logs) for behavioral anomalies, persistence mechanisms, and lateral movement
• Identify detection gaps and collaborate with Detection Engineering team on creating or tuning new detection rules, signatures, and analytics
• Lead coordinated efforts across Cyber teams to ensure the effective delivery and tracking of intelligence-driven evaluations and responses to threats
• Create and maintain Threat Library that can be used to executive and tactical reporting as well as track organizational action items

Digital Forensics & Malware Analysis
• Perform host-based, memory, and network forensic investigations on suspected compromised systems
• Conduct reverse engineering and static/dynamic analysis of malware, scripts, exploits, and tools used by adversaries
• Preserve and analyze forensic artifacts while maintaining chain of custody

Purple Teaming & Improvement
• Lead purple team exercises, facilitating collaboration between offensive (red) and defensive (blue) teams to simulate real-world adversary TTPs, validate detection effectiveness, identify gaps in monitoring/response, and drive iterative improvements to security controls and processes
• Design, scope, and execute purple team engagements, including adversary emulation, attack path validation, and real-time feedback loops to enhance threat detection, hunting, and incident response playbooks

Collaboration & Knowledge Sharing
• Mentor and develop SOC team on hunt methodology, adversary TTP analysis, detection tuning and other advanced techniques
• Partner with Threat Intelligence, Threat Emulation, GRC, Cybersecurity Architecture and Engineering teams
• Stay current with industry trends through conferences, research, and certifications

Additional Responsibilities
• Operate and mature process related to the threat hunting program across SOC teams and related security vendors/services
• Develop a threat assessment/modeling framework documenting threats to aid in driving resiliency initiatives that require broader non-SOC business partner buy-in
• Security tooling assessments
• Monitor, evaluate and manage any third-party hunt activities and provide recommendations
• Maintain a shared library of threat research integrated with threat intelligence and detection libraries
• Perform deep-dive analysis on specific threats (e.g., tracking a ransomware group’s evolution)
• Correlate internal telemetry (SIEM, logs, EDR data) with external threat intelligence
• Apply intelligence to create use cases and detection rules through collaboration across teams
• Run tabletop exercises or simulations based on current threat actor behavior
• Update the threat hunt program’s roadmap and tooling
• Participate in intelligence-sharing collaborations (e.g., with ISACs, government, or vendors)
• Develo