Sr Threat Engineer
Listed on 2026-07-17
-
IT/Tech
Cybersecurity
About the Job:
The Senior Threat Hunt Engineer is an advanced and highly trusted role supporting the enterprise cybersecurity program. As a member of Northwestern Mutual's Threat Hunting Program under the Threat Intelligence umbrella, the Senior Threat Hunt Engineer is primarily responsible for developing and maintaining the operational and technical foundation of the program including automation, tooling integration, detection handoff pipelines, and AI-assisted hunt workflows.
Grounded in threat intelligence and hunt experience, the Senior Threat Hunt Engineer also executes proactive and signal-driven hunts across endpoint, network, cloud, and identity telemetry, translating findings into durable detections and institutional knowledge.
This role works closely with internal technical teams including Threat Intelligence, Detection & Response, Detection Engineering, Adversarial Simulation, Purple Team, Incident Command, and Governance, Risk & Compliance and with peer organizations, industry-sharing groups, and law enforcement affiliations where appropriate. The Senior Threat Hunt Engineer supports the hunt community across Cyber Defense, contributes engineering rigor to hunt artifacts, and ensures repeatable, version-controlled hunt processes as the program matures from manual to increasingly automated operations.
What You'll Do:
Maintain and mature the operational hunt framework used across Cyber Defense. Build, document, and refine the templates, integrations, and standards hunters from multiple teams follow.
Design, build, and maintain integrations and automation across the hunt lifecycle spanning work-tracking, collaboration, ticketing, knowledge management, SIEM, EDR, threat intelligence platforms, and reporting.
Execute hunts and support the hunt community across teams. Perform proactive and signal-driven hunts, respond to hunt questions from hunters across Cyber Defense, and partner with Threat Intelligence to translate hunt-informed analysis into actionable intelligence. Synthesize hunt outcomes into cross-hunt correlations, control gap identification, and inputs to future hunts and detections.
Partner with detection engineering to translate hunt findings into production rules and analytics. Contribute detection candidates through the established handoff pipeline.
Consume and apply threat intelligence to hunt activity. Track adversary and threat cluster TTPs relevant to Northwestern Mutual, prioritize what matters, and translate intel into hunt hypotheses.
Mentor analysts and junior hunters. Pair on investigations, lead technical deep-dives, and grow the hunt capability across teams.
Report on program outcomes. Communicate findings to internal stakeholders what was found, what was contained, where detection coverage gaps exist, and what was changed as a result.
Evaluate, integrate, and maintain security tooling used by the Threat Hunting Program, including threat intelligence platforms, enrichment services, and hunt-supporting analytical tools.
Evaluate and integrate AI to accelerate hunt workflows, including hypothesis drafting, MITRE ATT&CK mapping suggestion, query generation, and summarization, with appropriate human review and tracking.
Research current and emerging cyber threats facing the business and industry sector.
Track threat actors, threat clusters, and associated malware families relevant to Northwestern Mutual and the financial services sector.
Document threats into contextual reports outlining severity, urgency, and impact, and ensure they can be understood by both leadership and technical teams.
Serve as a trusted advisor to maintain credibility with business unit leadership and technical teams.
Actively inform and engage in security projects across the business to disrupt active or potential threats.
Participate in collaborative threat analysis discussions with internal and external trusted entities.
Perform other duties as assigned.
What You'll Bring to the Role:
A minimum of 5-10 years in threat intelligence, threat hunting, incident response, or detection engineering, with meaningful experience across both threat intelligence and threat hunting disciplines.
Bachelor's degree in computer science, cybersecurity, engineering, or a related field (or equivalent experience).
Relevant certifications such as GCTI, GCIH, GCFA, GCIA, GCDA, OSCP, CEH, or CISSP are a plus. Cloud-focused security certifications (e.g., AWS Security Specialty, GCP Professional Cloud Security Engineer) are also valued.
Deep hands-on experience running proactive and signal-driven hunts across SIEM, EDR, network, cloud, and identity telemetry in enterprise environments.
Strong scripting and automation skills;
Python required, with additional experience in Power Shell, Bash, or equivalent a plus.Deep hands-on experience with enterprise SIEM search languages, including advanced query development, dashboard building, saved searches, alerting, and query optimization at enterprise scale.
Hands-on experience developing and consuming REST APIs…
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).