Cybersecurity Engineer III

Piper Companies is seeking a Cybersecurity Engineer III to support advanced incident response, threat hunting, and detection engineering efforts across enterprise environments. This is a hybrid position located in Carrollton, Texas
. The Cybersecurity Engineer III owns complex security incidents end‑to‑end, performs deeper investigative and threat‑hunting work, and plays a key role in improving detection capabilities, response processes, and overall security posture. This role builds on the Cybersecurity Engineer II responsibilities, with increased ownership, technical depth, and strategic influence
.

• Own complex cybersecurity incidents end‑to‑end with minimal guidance, including investigation, analysis, coordination, documentation, and post‑incident improvements
• Perform advanced threat hunting and deep investigative work across EDR, SIEM, and cloud environments beyond alert‑driven activity
• Analyze attacker behavior such as process execution, command‑line activity, persistence techniques, and lateral movement
• Tune and improve detections across SIEM and EDR platforms to reduce false positives and improve signal quality
• Create, enhance, and maintain detection logic
  , rules, and queries based on threat intelligence, attacker behavior, and incident learnings
• Identify gaps in security posture
  , detection coverage, or response capabilities and recommend practical improvements
• Contribute to incident response strategy
  , operational maturity, and continuous process improvement initiatives
• Translate technical findings into clear, actionable recommendations for internal security and technology teams
• Serve as a technical escalation point during investigations and guide or mentor junior analysts or engineers as needed
• Partner closely with internal security, infrastructure, and cloud teams during incident response and improvement efforts

• 5–8+ years of relevant experience in incident response, threat hunting, detection engineering, or advanced SOC (Tier 3 / escalation‑level) environments
• Strong hands‑on experience with EDR platforms (e.g.,
  Crowd Strike, Microsoft Defender
  ) in investigative and response scenarios
• Experience operating and tuning detections within SIEM platforms such as Splunk or Microsoft Sentinel
• Demonstrated ability to independently investigate complex threats
  , including malware, phishing, account compromise, and advanced attacker activity
• Strong understanding of how EDR, SIEM, cloud environments, and infrastructure work together from a security perspective
• Experience working in Azure and/or AWS environments
• Ability to clearly explain why activity is malicious and communicate impact, risk, and remediation recommendations to both technical and non‑technical stakeholders

• Salary Range: $135,000–$145,000 (dependent on experience)
• Employment Type: Full‑time, hybrid position requiring on‑site presence in Carrollton, TX (DFW area)
• Benefits: Comprehensive benefits package including Medical, Dental, Vision, 401(k), PTO, and Paid Sick Leave as required by law

This job opens for applications on 04/13/2026
. Applications will be accepted for at least 30 days from the posting date.