Sr. Manager, Threat Engineering

We are an American luxury lifestyle brand founded in 2004. Anchored in the casual elegance of American sportswear Torys design philosophy is defined by effortless silhouettes innovative materials eclectic juxtapositions of color and the tension of past and present. The collections include ready-to-wear handbags footwear accessories jewelry home and beauty.

Empowering women is the companys guiding principle expressed through Torys collections and reflected in the company culture as well as the work of the Tory Burch Foundation. Established in 2009 the Foundation provides women entrepreneurs in the United States with access to capital education and community.

You are seeking a work environment where people are encouraged to dream explore discover and as important laugh together. If youre prepared to work hard create impact and have fun while doing it we would love to have you join #TeamTory. Apply today!

Life @ToryBurch is Special Because:

When you join us youre joining a global purpose-led company on an exciting growth journey with an amazing culture and great benefits.

• Our culture is welcoming and inclusive -- everyone is empowered to make a difference.
• We have the best team in the world and believe in paying competitively and rewarding for high performance.
• Your overall well-being is important to us; we offer generous benefits to help you take care of your mental and physical health create financial security and achieve wellness in all areas of your life.
• We love seeing our employees wear our beautiful collections. Youll receive a generous employee discount and access to exclusive sample sales.
• We are invested in your professional growth youll have access to free executive coaching on-demand.
• We believe in the importance of giving back and youll have many opportunities to do just that through the Tory Burch Foundation and paid volunteer days.

This Role is Tailor-Made for You Because:

A Day in the Life:

You will own enterprise threat management and threat modeling identifying relevant adversaries tactics techniques and procedures and ensuring those models actively drive detection engineering vulnerability prioritization and governance decisions. You will apply frameworks such as MITRE ATT&CK pragmatically with emphasis on identity-based attack paths cloud-native threats insider abuse supply chain compromise and AI-enabled abuse.

• You will serve as the lead authority for detection strategy across human and non-human identities including service accounts workloads APIs pipelines and agentic systems.
• You will define and drive a threat capability maturity model covering detection response identity security data governance privacy third-party risk and crisis readiness. You will assess current state define target maturity and lead initiatives that measurably advance capability over time .
• You will ensure identity telemetry privilege use token issuance and anomalous behavior are first-class detection concerns across networks Microsoft 365 GCP and enterprise platforms..
• You will lead and mentor a Detection Engineer and partner with the Privacy Risk & Control Engineer ensuring threat privacy compliance and audit activities are tightly integrated.
• You will remain hands-on in defining validating and tuning detections across identity cloud endpoint network application and data layers ensuring detections are adversary-driven high-fidelity and operationally actionable.
• You will own and actively challenge red team purple team and penetration testing activities ensuring they reflect realistic adversary behavior current threat conditions and meaningful business impact. You will interrogate findings validate exploit paths and ensure outcomes drive improvements in detection configuration architecture and response readiness rather than producing static reports.
• You will design lead and facilitate consequence-driven tabletop exercises focused on real threat scenarios escalation breakdowns decision authority and business impact. These exercises will extend beyond technical response to test executive decision-making communications legal considerations third-party dependencies and operational resilience.
• You will establish and maintain working partnerships with internal and external crisis and incident management stakeholders including MSSPs legal counsel communications insurance providers and executive leadership. You will ensure roles escalation paths and decision rights are clear before incidents occur and exercised regularly.
• You will optimize the organizations security stack and managed security service providers to ensure full visibility integration and coverage. You will challenge runtime security assumptions configuration quality and alert effectiveness driving automation and workflow improvements that reduce MTTR and eliminate blind spots.
• You will own risk-based threat and vulnerability management ensuring remediation priorities reflect exploitability adversary relevance identity exposure and business context rather than severity scores alone.
• You will develop and deliver executive-level threat and risk reporting including clear KPIs and key security factors that communicate detection effectiveness control maturity incident readiness audit posture and residual risk to both technical and business audiences.

To Land This Role:

• Bachelors degree in computer science engineering information security or equivalent practical experience.
• 10 years of progressive experience in threat engineering detection engineering advanced security engineering or closely related roles in complex cloud and identity-centric environments.
• Advanced expertise in threat modeling threat hunting and adversarial techniques across enterprise networks Microsoft 365 GCP CI/CD pipelines ERP platforms and data environments. Demonstrated experience applying MITRE ATT&CK or similar frameworks to operational threat management and adversarial validation programs.
• Strong technical depth in identity and access management non-human identities cloud security configuration management runtime security data governance and AI-related risk. Proven ability to interrogate architectures challenge red and purple team outputs and translate findings into concrete mitigations.
• Professional certifications such as CISSP OSCP GWAPT or similar are highly desirable
• Demonstrated ability to lead technical staff while remaining deeply engaged in threat strategy adversarial analysis governance audit assurance and executive consequence management.

Why Youll Want to Join Our Team:

How We Work Together

• Adaptable We change before we have to
• Entrepreneurial We own it
• Collaborative Theres no I in Tory
• Client & Brand Focused We put ourselves in Torys shoes
• Live the Values We show up for each other
• Functional Expertise Were constantly learning and growing

#TeamTory Values

We show up with honesty & kindness act with integrity & compassion work with passion & humility and lead with excellence & humor.

Compensation Range

Benefits Information

We offer a generous set of benefits to help you take care of your heath create financial security and achieve wellness in all areas of your life. Here are highlights of key benefits available to all Tory Burch members that work over 30 hours.

Equal Employment Opportunity Statement

Tory Burch LLC is an Equal Employment Opportunity employer and provides equal opportunities to all employees and applicants without regard to an individuals age race creed color religion national origin sex (including pregnancy) or sexual orientation gender expression military status marital status genetic predisposition or carrier status disability or membership in any other protected class under applicable law. Likewise we will consider qualified applicants with criminal histories for employment in a manner consistent with the requirements of the Los Angeles Fair Chance Initiative for Hiring Ordinance No. 184652. Pursuant to the San Francisco Fair Chance Ordinance we will consider qualified applicants with arrest and conviction records for employment.

Disability Accommodation

Tory Burch is committed to providing reasonable accommodations to applicants and employees with disabilities. Please tell us if you require a reasonable accommodation to apply for a job or to perform your job. Examples of reasonable accommodation include making a change to the application process or work procedures providing documents in an alternate format using a sign language interpreter or using specialized equipment. If you require assistance or an accommodation with the hiring process please contact .