Company hidden
17 hours ago

Engineer III, Cyber Threat Hunter (Cybersecurity)

$128,000–$139,000
Work format: remote (USA only)/hybrid
Employment type: fulltime
Grade: senior
English: b2
Country: US

Job description

TL;DR

Engineer III, Cyber Threat Hunter (Cybersecurity): Defending cloud and enterprise environments for Digital SAT and AP programs, with an emphasis on threat hunting and detection engineering in AWS-heavy environments. Focus on building SIEM detections, executing hypothesis-driven hunts, and refining incident response playbooks to reduce visibility gaps.

Location: Remote (USA). Candidates living near offices have the option of a hybrid schedule (Tuesday and Wednesday in office).

Salary: $128,000–$139,000

Company

A self-sustaining nonprofit organization dedicated to connecting students to college success and opportunity.

What you will do

  • Execute hypothesis-driven threat hunts across AWS, identity, endpoint, and network telemetry to identify control gaps.
  • Build and tune SIEM detections (Sumo Logic) focusing on high-risk behaviors like IAM misuse, privilege escalation, and data exfiltration.
  • Support the investigation and containment of security incidents, performing log analysis and scoping impact.
  • Lead purple team exercises to validate detection effectiveness and partner with offensive teams to harden configurations.
  • Develop lightweight automation and scripts in Python, PowerShell, or Bash to improve investigation speed and reporting.
  • Map all detections and hunts to MITRE ATT&CK techniques to close visibility blind spots.

Requirements

  • 3 to 5 years of experience in cyber defense, threat hunting, and incident response.
  • Strong cloud security expertise in AWS-heavy environments using CloudTrail, IAM, VPC Flow Logs, and CloudWatch.
  • Hands-on experience with SIEM analytics, specifically writing high-quality queries and building dashboards (Sumo Logic preferred).
  • Proficiency in automation and scripting using Python, PowerShell, or Bash.
  • Must be authorized to work in the United States for any employer.
  • Excellent written and verbal communication skills for producing after-action reports and threat briefings.

Nice to have

  • Relevant certifications such as GCIA, GCIH, GNFA, AWS Security Specialty, or Security+.
  • Experience securing Kubernetes, containers, serverless architectures, and CI/CD pipelines.

Culture & Benefits

  • Competitive, fair, and transparent compensation based on market data and location.
  • Inclusive environment that values diverse backgrounds and experiences.
  • Mission-driven work focusing on educational and career opportunities.
  • Culture of continuous growth, iterative learning, and candid, respectful feedback.

Hiring process

  • Application review and recruiter phone/video screen.
  • Hiring manager interview and a performance exercise (e.g., live coding).
  • Panel interview, leadership conversation, and reference checks.
