Information Security Engineer - Threat Defense & Automation
Listed on 2026-07-06
-
IT/Tech
Cybersecurity
About Us
Proofpoint is a global leader in human- and agent-centric cybersecurity. We protect how people, data, and AI agents connect across email, cloud, and collaboration tools. Over 80 of the Fortune 100, 10,000 large enterprises, and millions of smaller organizations trust Proofpoint to stop threats, prevent data loss, and build resilience across their people and AI workflows.
Our mission is simple: safeguard the digital world and empower people to work securely and confidently. Join us in our pursuit to defend data and protect people.
How We WorkAt Proofpoint you’ll be part of a global team that breaks barriers to redefine cybersecurity guided by our BRAVE core values:
Bold in how we dream and innovate
Responsive to feedback, challenges and opportunities
Accountable for results and best in class outcomes
Visionary in future focused problem-solving
Exceptional in execution and impact
At Proofpoint, we are committed to protecting organizations and individuals from cyber threats through innovative security solutions. Our mission is to safeguard customers from advanced threats, phishing attacks, and data breaches through cutting‑edge technology and a global team of security experts.
Role OverviewWe’re seeking a Staff Information Security Engineer to help lead and evolve our Global Information Security Operation. In this role, you’ll shape incident response strategy, push forward advanced threat detection and defense capabilities, and take point on the most complex security investigations across the enterprise.
As a Staff-level engineer, you will operate as a subject matter expert and technical leader, partnering across SOC, Threat Intelligence, Detection Engineering, and Security Engineering to improve Proofpoint’s ability to detect, respond to, and proactively hunt advanced threats.
This role includes participation in a 24/7 on‑call incident response rotation.
Location
:
This is a hybrid role based in our Draper, UT or Sunnyvale, CA office 4 days a week.
- Serve as a Level 3 / Staff escalation point for high‑severity incidents.
- Lead investigations into APTs, ransomware, insider threats, and cloud compromises.
- Act as incident commander and coordinate response efforts.
- Participate in 24/7 on‑call incident response.
- Lead threat hunting across endpoint, network, identity, and cloud.
- Operationalize threat intelligence into detections and response.
- Design and improve detections across SIEM, EDR, and SOAR.
- Automate incident triage and response workflows.
- Drive post‑incident reviews and continuous improvement.
- Mentor team members and influence security strategy.
- 12+ years in Incident Response, DFIR, Threat Hunting, or Security Operations.
- Deep expertise in incident response, threat hunting, and threat intelligence.
- Strong knowledge of MITRE ATT&CK and adversary TTPs.
- Experience with SIEM, EDR, SOAR, and cloud security.
- Scripting experience (Python, Power Shell, or Bash).
- Strong communication and leadership skills.
- US Citizen.
- Experience building threat hunting or detection programs.
- Background in threat intelligence or red/purple teaming.
- Certifications such as GCFA, GCIH, CISSP, CISM, OSCP.
- Competitive compensation
- Comprehensive benefits
- Career success on your terms
- Flexible work environment
- Annual wellness and community outreach days
- Always on recognition for your contributions
- Global collaboration and networking opportunities
Our culture is rooted in values that inspire belonging, empower purpose and drive success‑every day, for everyone.
We encourage applications from individuals of all backgrounds, experiences, and perspectives. If you need accommodation during the application or interview process, please reach out to
How to ApplyInterested? Submit your application along with any supporting information— we can’t wait to hear from you!
Pay TransparencyConsistent with Proofpoint values and applicable law, we provide the following information to promote pay transparency and equity. Our compensation reflects the cost of labor across several U.S. geographic markets, and we pay differently based on those defined markets as set out…
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).