Expert Cyber Security Incident and Threat Engineer

***We are unable to sponsor for this permanent full-time role***

***Position is bonus eligible***

Prestigious Enterprise Company is currently seeking a Staff Cyber Security Incident and Threat Engineer. Candidate will be responsible for handling complex security incidents as an Incident Commander, building detections and detection frameworks, collaborating with cross functional peers, and helping to drive our overall security strategy.

Responsibilities:

Incident Command and Response – Tier 3 Escalation 

• Act as the Incident Commander for critical security events as part of our on-call rotation.
• Foster a culture of learning through blameless post-mortems to drive measurable improvements in both processes and tooling.
• Analyze security alerts and data from various sources (SIEM, EDR, IDS/IPS, logs) to identify and investigate sophisticated threats.
• Lead tabletop exercises and IR simulations to a variety of audiences in order to test and refine incident response plans, identify weaknesses, and enhance communication and collaboration.

Threat Hunting and Intelligence

• Proactively identify potential threats and weaknesses across systems and networks through hypothesis driven threat hunting.
• Identify gaps in detection coverage and proactively develop new telemetry, detections, and analytic approaches to address emerging threats across endpoint, identity, cloud, and network domains.
• Fuse internal telemetry with open source, commercial, and internal intelligence sources to prioritize risks and improve detection strategies. 
• Track adversary TTPs and feed findings back into our hunting and detection pipelines.

Strategic Leadership

• Leverage automation, enrichment, and playbook-driven workflows to reduce manual triage, improve signal quality, and scale detection and response capabilities.
• Work closely with engineering, IT, and risk/compliance teams to improve detection coverage and incident preparedness.
• Lead exploration and responsible adoption of AI to improve detection, response, and analyst workflows, while deeply analyzing how adversarial use of AI evolves tradecraft, reshapes attack surfaces, and impacts enterprise risk.
• Translate technical findings into clear, actionable insights for stakeholders, contributing to executive-facing metrics and narratives around detection efficacy and risk reduction.
• Anticipate and prepare for evolving threats and technology shifts by proactively adapting tooling and detection strategies. 

Qualifications:

• 7+ years of relevant professional experience with a Bachelor’s degree in Computer Science, Information Security or a related field; an equivalent combination of education and experience will also be considered.
• 7+ years of combined hands-on IT and security architecture development and implementation work experience with a broad exposure to infrastructure/network and multi-platform environments. 
•  Deep understanding of operating systems (Windows, Linux, macOS), network protocols, cloud environments (AWS, Google Cloud Platform, Azure), and common attack techniques (MITRE ATT&CK).
• Proficiency with investigation and forensic tools such as EDR platforms (CrowdStrike, SentinelOne), log aggregators (Splunk, ELK), and packet capture tools (Wireshark, Zeek).
• Demonstrated ability to lead high-pressure incident response scenarios across technical and non-technical teams.
• Scripting skills in Python, PowerShell, or Bash for automation and analysis or experience with SOAR platforms is highly preferred.