Security Operations Vice President - Senior Threat Detection Engineer

Employer Active

1 Vacancy
Job Location

Singapore - Singapore

Monthly Salary

Not Disclosed

Job Description

Description

Embrace the challenge of maintaining robust digital security, driving operational excellence, and implementing cutting-edge solutions in cybersecurity.

As a Security Operations Vice President in Cybersecurity & Tech Controls, you will be a technical leader in our Cyber Defense function, enhancing our capabilities to detect, prevent, and disrupt sophisticated cyber threats across a complex hybrid enterprise. You will design scalable detection solutions and play a key role in our detection-as-code framework, ensuring comprehensive coverage across endpoints, networks, cloud infrastructure, and critical business systems. Collaborating closely with Security Operations Center (SOC) analysts, threat hunters, red team members, and internal security engineering teams, you will develop scalable, high-fidelity detections using logs, telemetry, and behavioral analytics from diverse data sources. The ideal candidate will have SOC experience, a passion for researching TTPs and the threat landscape, and the ability to translate this research into high-quality detections.

As a technical lead, your responsibilities will include advanced analysis, threat hunting, evaluating new security technologies, and ensuring the integration of larger technology projects into the Cyber Defense team and monitoring function. You will apply advanced analytical, technical, and problem-solving skills to achieve operational excellence and implement innovative solutions to tackle complex security challenges.

Job responsibilities

  • Design, implement, and continuously refine advanced threat detection rules, logic, and models in SIEM, EDR, and cloud-native platforms (e.g. Splunk, Sentinel, CrowdStrike, AWS/Azure/GCP).
  • Continuously refine detection strategies based on evolving TTPs (MITRE ATT&CK), threat intelligence, and red/purple team feedback.
  • Utilize detection-as-code pipelines and SRE principles to build and maintain detections with appropriate versioning, QA, and testing workflows.
  • Perform threat model reviews, architecture reviews, and detection gap assessments.
  • Operationalize MITRE ATT&CK mappings, threat intel insights, and adversary simulation results to develop precise detection logic.
  • Map detection coverage against evolving threat landscapes, aligning with industry frameworks and internal threat profiles.
  • Partner with Threat Intelligence, Red Team, and Incident Response teams to close the feedback loop between detection hypotheses and real-world adversary behavior.
  • Evaluate new telemetry sources and support the onboarding, normalization, and enrichment of log sources to ensure high-fidelity data for detection and analytics.
  • Mentor junior analysts and engineers in detection logic design, telemetry analysis, and security operations best practices.
  • Evaluate and enhance the organization's security posture by staying current with industry trends, emerging threats, and regulatory requirements, driving innovation and process improvements.
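As an added illustration of what a "detection-as-code" unit with its own test workflow looks like in practice (example code written for this page, not part of the listing or the employer's tooling), the block below keeps a rule's ATT&CK metadata, its matching logic, and constructed sample telemetry together in one reviewable file. The log shape (dicts with EventID, TargetUserName, IpAddress, LogonType, ts), the rule id, and the thresholds are hypothetical choices for the example; the sample events are constructed, not real log data.

```python
"""Minimal detection-as-code unit: rule metadata, matching logic, and a
sample run over constructed events, so the rule can be versioned, reviewed
and unit-tested like any other code.

Assumptions (hypothetical, not from the job listing): events are dicts in a
simplified Windows Security log shape with keys EventID, TargetUserName,
IpAddress, LogonType and ts (epoch seconds).
"""
from collections import defaultdict, deque

# Rule metadata lives beside the logic so a reviewer sees the ATT&CK mapping,
# severity and tuning knobs in the same diff as the code that uses them.
RULE = {
    "id": "win-auth-bruteforce-then-success",   # hypothetical rule id
    "title": "Brute force / password spray followed by successful logon",
    "attack": ["T1110"],                        # MITRE ATT&CK: Brute Force
    "severity": "high",
    "threshold": 5,            # failed logons (4625) ...
    "window_s": 300,           # ... within this many seconds before a 4624
    "logon_types": {3, 10},    # network and RDP logons only
}


def detect(events, rule=RULE):
    """Return one alert per successful logon (4624) that follows at least
    `threshold` failures (4625) for the same account within `window_s`.

    The rule fires on the success, not the failures: a spray that ended in a
    working password is a higher-fidelity signal than a noisy failed one.
    Account names are lower-cased so JDOE and jdoe aggregate together.
    """
    failures = defaultdict(deque)   # account -> timestamps of recent 4625s
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        user = ev["TargetUserName"].lower()
        if ev["EventID"] == 4625:
            failures[user].append(ev["ts"])
        elif ev["EventID"] == 4624 and ev["LogonType"] in rule["logon_types"]:
            q = failures[user]
            # Expire failures that fell outside the sliding window.
            while q and ev["ts"] - q[0] > rule["window_s"]:
                q.popleft()
            if len(q) >= rule["threshold"]:
                alerts.append({
                    "rule": rule["id"],
                    "attack": rule["attack"],
                    "user": user,
                    "src": ev["IpAddress"],
                    "failed_attempts": len(q),
                    "ts": ev["ts"],
                })
                q.clear()   # avoid re-alerting on the same burst
    return alerts


def _ev(ts, eid, user, ip, ltype=3):
    """Build one constructed event in the assumed simplified log shape."""
    return {"ts": ts, "EventID": eid, "TargetUserName": user,
            "IpAddress": ip, "LogonType": ltype}


# Constructed sample telemetry covering the true positive and the edge cases.
SAMPLE_EVENTS = (
    # Six failures in two minutes, then success: should alert.
    [_ev(1000 + i * 20, 4625, "jdoe", "10.0.0.5") for i in range(6)]
    + [_ev(1130, 4624, "JDOE", "10.0.0.5")]
    # Three failures then success: below threshold, no alert.
    + [_ev(2000 + i * 10, 4625, "asmith", "10.0.0.9") for i in range(3)]
    + [_ev(2040, 4624, "asmith", "10.0.0.9")]
    # Eight failures, but the success comes over an hour later: outside window.
    + [_ev(5000 + i * 5, 4625, "svc-backup", "10.0.0.7") for i in range(8)]
    + [_ev(9000, 4624, "svc-backup", "10.0.0.7")]
    # Interactive console logon (type 2) is out of scope for this rule.
    + [_ev(12000 + i * 5, 4625, "admin", "127.0.0.1") for i in range(8)]
    + [_ev(12050, 4624, "admin", "127.0.0.1", ltype=2)]
)


def run_sample():
    """Evaluate the rule against the constructed sample; returns the alerts."""
    return detect(SAMPLE_EVENTS)


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

The value of keeping the sample events in the same unit is that the CI step for this rule is just "run the file's tests": a change to the threshold, window, or logon-type filter that silently breaks the true-positive case or starts alerting on the service-account case is caught before the rule is deployed to the SIEM.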

Required qualifications capabilities and skills

  • Bachelor's degree in Computer Science, Cybersecurity, Data Science, or a related discipline.
  • 5 years of experience in cybersecurity with a core focus on threat detection, security engineering, or SOC operations.
  • Expertise in SIEM platforms (e.g. Splunk SPL, KQL, Elastic) with a strong command of query optimization, dashboarding, and alert logic development.
  • Advanced understanding of attacker TTPs, malware behaviors, lateral movement techniques, and financial-sector-specific threat actors.
  • Experience with threat hunting on a large enterprise network, both as an individual and leading hunting exercises with other team members.
  • Deep familiarity with telemetry from EDRs, cloud logging (e.g. AWS, Azure, GCP), Windows/Linux event logs, identity platforms (e.g. Azure AD), and public cloud services.
  • Ability to research TTPs, analyze raw logs, and develop high-fidelity detections in various tools/languages.
  • Proven experience collaborating with SOC, IR, threat intel, or red teams in a fast-paced environment.
  • Strong grasp of security frameworks and taxonomies, including MITRE ATT&CK, Cyber Kill Chain, NIST, and Sigma/YARA formats.
  • Proficiency in scripting languages such as Python or PowerShell to support automation and enrichment tasks.
  • Experience creating and working with Jupyter Notebooks to automate workflows and processes.

Preferred qualifications capabilities and skills

  • Experience with detection-as-code methodologies and tools (e.g. Git-based pipelines, CI/CD for security content).
  • Background in cloud security (AWS/GCP/Azure), particularly around detection and log correlation in IaaS and SaaS environments.
  • Familiarity with SOAR platforms and anomaly-based detection techniques.
  • Experience leveraging Large Language Models (LLMs) for security use cases such as log parsing, alert triage, threat narrative generation, or threat intelligence summarization.
  • Experience integrating LLMs into detection workflows to enhance context enrichment, rule generation, or automated investigation support.

Required Experience:

Chief

Employment Type

Full-Time
