Cyber Threat & Response Engineer

Our client is an iconic global Fortune 500 company. In this role, you will step into the front lines of cyber defense as a Cyber Threat & Response Engineer – Level 3, a pivotal role in safeguarding the enterprise and industrial environments against evolving threats. This position is the heartbeat of our Cyber Defense Organization, where you’ll hunt, analyze, and neutralize sophisticated attacks before they escalate.

In this role, you’ll bridge the gap between rapid triage and deep-dive investigations. You will be expected to detect the undetectable, escalate with precision, and drive swift incident response to keep adversaries at bay.

We’re looking for a sharp technical mind with an insatiable curiosity for threat patterns, a proactive approach to risk mitigation, and the ability to thrive in high-stakes scenarios. If you’re ready to engineer resilience, outsmart attackers, and elevate cyber defense to the next level, this is your arena.

• Own the front lines:
  Monitor and dissect security alerts provided from managed services providers, SIEM, EDR, and advanced detection platforms to uncover potential threats before they strike.
• Investigate like a hunter:
  Dive deep into suspicious activity, correlating signals across multiple sources to reveal scope, impact, and adversary intent.
• Lead the charge:
  Drive containment, eradication, and recovery for low to moderately complex incidents—keeping attackers on the run.
• Escalate with precision:
  Deliver detailed, actionable intelligence to senior engineers and management, ensuring rapid and effective resolution.
• Close the loop:
  Support remediation during active incidents and contribute to post-incident reviews to strengthen defenses and eliminate gaps.

• Turn intel into action:
  Apply threat intelligence, behavioral analytics, and contextual data to sharpen detection and response capabilities.
• Engineer smarter defenses:
  Partner with detection engineering teams to design, test, and fine-tune detection rules and use cases.
• Analyze the unknown:
  Perform malware triage, log correlation, and network traffic inspection to uncover hidden threats.
• Stay ahead of the curve:
  Track evolving attacker tactics, techniques, and procedures (TTPs) and use that knowledge to outsmart adversaries.

• Bridge the gap:
  Work closely with IT, OT, and business units to validate alerts, gather context, and coordinate swift incident resolution.
• Drive the process:
  Capture investigation steps, findings, and actions with clarity and precision for future reference.
• Continuous improvement:
  Contribute to playbook enhancements, process improvements, and knowledge sharing.

• Senior-level expertise in leading complex investigations and responding to advanced cyber threats
• Skilled in malware analysis, threat hunting, and forensic investigations across diverse environments
• Proficient in developing detection logic and tuning analytics to identify sophisticated attacker behaviors
• Strong understanding of adversary TTPs and frameworks like MITRE ATT&CK and Cyber Kill Chain
• Hands-on experience with scripting languages (Python, Power Shell, Bash) to automate investigations, parse logs, and streamline incident response workflows
• Effective mentor and technical leader for junior analysts, fostering a culture of excellence in the SOC
• Experienced in coordinating incident response efforts and communicating findings to stakeholders
• Committed to continuous improvement of SOC processes, playbooks, and detection capabilities
• Strategic thinker with the ability to assess risk, lead under pressure, and drive operational maturity

• Bachelor’s degree in Cybersecurity, Information Technology, or technology field (completed and verified prior to start)

• OR

• High School diploma (completed and verified prior to start) and four (4) years of hands-on experience

• Five (5) years of experience in a SOC or cybersecurity operations role, with at least (2) two years in a senior or L3 capacity in a private, public, government or military environment

• Proficiency in analyzing alerts from SIEM, EDR, and network monitoring tools
• Familiarity with threat intelligence, advanced malware analysis, and log correlation techniques
• Ability to write and use scripts (Python, Power Shell, Bash) for automation, log parsing, and incident response tasks
• Understanding of common attack vectors, threat actor behaviors, and frameworks like MITRE ATT&CK
• Strong analytical and problem-solving skills with attention to detail
• Effective communicator with the ability to document investigations and collaborate with cross-functional teams
• Certifications such as CompTIA Security+, CySA+, or GCIH

Work location:

On site in Austin TX

Travel:
May include up to 10% domestic and international

Relocation Assistance:
Is Authorized

Must be legally authorized to work in country of employment without sponsorship for employment visa status (e.g., H1B status).