Jobs · Engineering

Senior Adversary Pursuit Engineer

Flock · United States · 2 wk ago
RemoteRemoteEngineering$140k–$175k/yrFull-time

About the role

Flock is a cybersecurity company that builds technology to reduce crime and protect privacy. We partner with cities, businesses, schools, and neighborhoods to enhance safety. Our technology supports over 1 million criminal investigations annually and helps solve approximately 20% of reported crimes.

Responsibilities

  • Mold the long-term threat hunting roadmap, including strategy, data ingestion requirements, and coverage metrics.
  • Help design, execute, and see complex threat hunting campaigns through to completion, taking ownership of specific threat verticals (e.g., cloud environments, specific APT groups).
  • Review junior and mid-level engineers' technical work, provide constructive feedback, and elevate the team's overall technical baseline.
  • Perform DFIR and adversary threat hunts across diverse environments (corporate systems, cloud - AWS/GCP/Azure, and operational technology networks).
  • Utilize enterprise security tooling (SIEM, EDR, etc.) and develop proprietary tools/scripts to scale the team's capabilities.
  • Utilize sandboxing technology to aid in the analysis of suspicious binaries and scripts; hands-on reverse engineering experience a plus.
  • Integrate security automation tools (Torq, Tines, SIEM native, etc.) and AI tooling (LLMs, agentic workflows) to accelerate security operations.
  • Map findings to the MITRE ATT&CK framework to identify coverage gaps and improve detection posture.
  • Create and tune high-fidelity detection rules (e.g., Splunk SPL, YARA, Sigma) based on hunt findings to prevent future recurrence.
  • Aid in the development of technical table top exercises, ensuring scenario applicability to the organization’s risk profile and align to real world cyber events.
  • Collaborate with Cybersecurity, Engineering, and Product teams to help plan, and execute threat hunts, providing detailed findings and data-backed recommendations for cybersecurity and architectural improvements.
  • Work closely with the Offensive Security team to help perform regular testing and validation of custom detection rules.
  • Assist with the development of technical table top exercises, ensuring scenario applicability to the organization’s risk profile and align to real world cyber events.
  • Perform deep-dive root cause analysis on complex security incidents.

Requirements

Over 5 years of cybersecurity experience, at least 3 of those years in the trenches focused on DFIR/Threat Hunts.

Qualifications

  • Extensive technical expertise in performing DFIR and adversary threat hunts, across diverse environments (corporate systems, cloud - AWS/GCP/Azure, and operational technology networks).
  • Deep experience utilizing enterprise security tooling (SIEM, EDR, etc.) as well as developing proprietary tools/scripts to scale the team’s capabilities.
  • Hands-on work with integrating security automation tools (Torq, Tines, SIEM native, etc.) and AI tooling (LLMs, agentic workflows) to accelerate security operations.
  • Well versed in using cyber threat intelligence to update requirements, prioritize collection sources and integrate technical TTPs to inform and prioritize hunts.
  • Experience utilizing sandboxing technology to aid in the analysis of suspicious binaries and scripts; hands-on reverse engineering experience a plus.
  • Experience with performing DFIR on Android IoT devices.
  • Experience with creating and tuning high-fidelity detection rules (e.g., Splunk SPL, YARA, Sigma) based on hunt findings to prevent future recurrence.
  • Experience with the MITRE ATT&CK framework to identify coverage gaps and improve detection posture.
  • Experience with developing technical table top exercises, ensuring scenario applicability to the organization’s risk profile and align to real world cyber events.
  • Experience with performing deep-dive root cause analysis on complex security incidents.

Skills

  • Leadership & Management: Mold the long-term threat hunting roadmap, including strategy, data ingestion requirements, and coverage metrics.
  • Technical Expertise: Extensive technical expertise in performing DFIR and adversary threat hunts, across diverse environments (corporate systems, cloud - AWS/GCP/Azure, and operational technology networks).
  • Operational & Collaboration Skills: Collaborate with Cybersecurity, Engineering, and Product teams to help plan, and execute threat hunts, providing detailed findings and data-backed recommendations for cybersecurity and architectural improvements.

Pay

$140,000 - $175,000 base salary, with Flock Stock Options.

Schedule

Full-time, remote work.

Benefits

  • Flexible PTO
  • Health benefits plan
  • Parental leave
  • Fertility & Family Benefits
  • Mental health benefits
  • Caregiver support
  • Tax advisor sessions
  • Employee resource groups
  • WFH stipend
  • Productivity stipend
  • Home office stipend

Benefits

Includes Criminal Justice Information Services (CJIS) certification as a condition of employment.

Equal Opportunity Employer

Flock is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.

Similar jobs

Senior Software Engineer

Clover HealthUnited States· 3 mo ago
RemoteEngineering$195k–$220k/yrapply on job-boards.greenhouse.io