Incident Response Manager & Lead Threat Hunter
Listed on 2026-06-20
IT/Tech
Cybersecurity
Company Overview
Bullhorn's core purpose is to create an incredible customer experience, and the organization has a sharp focus on delivering very high quality products and services to its customers. The company culture is shaped by five Core Values:
Ownership, Energy, Speed & Agility, Service, and Being Human. Each value, and its underlying definition, serves as a behavioral guide for employees as they interact with customers and fellow coworkers and is an embedded way of operating across our organization.
This role leads proactive, intelligence-driven hunting to uncover advanced threats while managing critical Incident Response (IR) activities. The Lead will develop hypotheses based on MITRE ATT&CK, analyze logs/EDR data to minimize dwell time, and mentor staff to strengthen the overall security posture and detection capabilities. The Lead will examine new AI tools and determine which, if any, bring value to the process and help implement any approved solutions.
Responsibilities
- Proactive Threat Hunting: Develop and execute hypothesis-driven hunts using EDR, SIEM, and network traffic analysis to find threats bypassing existing defenses.
- Incident Response Leadership: Lead complex investigations and CSIRT activities, providing technical expertise during containment, eradication, and post-incident analysis.
- Threat Intelligence Integration: Analyze adversary Tactics, Techniques, and Procedures (TTPs) and integrate intelligence feeds to drive targeted hunting scenarios.
- Detection Engineering: Collaborate with security engineering to convert hunting discoveries into permanent actionable alerts, reducing future risk.
- Mentorship & Strategy: Mentor junior analysts, define the technical standards for hunting workflows, and report findings to stakeholders.
- Experience: 5-8 years of experience in security operations, threat hunting, or incident response.
- Technical Skills:
- Proficiency in EDR tools (CrowdStrike, NeuVector), SIEM platforms (XSIAM), and network forensics.
- Deep understanding of the MITRE ATT&CK Framework and cyber kill chain.
- Strong query skills (SQL, KQL) and scripting ability (Python, PowerShell).
- Knowledge of AWS, Azure, and/or GCP security logging and controls (e.g., GuardDuty, CloudTrail).
- Experience with cloud security practices and familiarity with Wiz cloud environments.
The annual base salary range for this position is $130,000 - $170,000. In addition, this role is eligible for an annual target bonus and a comprehensive benefits package. Actual pay within the range will be based on factors such as experience, skills, qualifications, geographic location, internal equity, and business or organizational needs and affordability. In accordance with state and local pay transparency laws we disclose salary ranges in all job postings and provide additional information upon request.
Benefits
- Medical, Dental, Vision, 401(k), 401(k) Match, and more
- Unlimited Planned Paid Time Off
- Global Mental Health Support
- On-Demand Learning & Development
- Quarterly paid volunteer days
- Lucrative Employee Referral Program (eligible for prior to your first day)
- Company-wide mentor program