Senior Adversary Pursuit Engineer
Flock · United States · 2 wk ago
RemoteRemoteEngineering$140k–$175k/yrFull-time
About the role
Flock is a cybersecurity company that builds technology to reduce crime and protect privacy. We partner with cities, businesses, schools, and neighborhoods to enhance safety. Our technology supports over 1 million criminal investigations annually and helps solve approximately 20% of reported crimes.
Responsibilities
- Mold the long-term threat hunting roadmap, including strategy, data ingestion requirements, and coverage metrics.
- Help design, execute, and see complex threat hunting campaigns through to completion, taking ownership of specific threat verticals (e.g., cloud environments, specific APT groups).
- Review junior and mid-level engineers' technical work, provide constructive feedback, and elevate the team's overall technical baseline.
- Perform DFIR and adversary threat hunts across diverse environments (corporate systems, cloud - AWS/GCP/Azure, and operational technology networks).
- Utilize enterprise security tooling (SIEM, EDR, etc.) and develop proprietary tools/scripts to scale the team's capabilities.
- Utilize sandboxing technology to aid in the analysis of suspicious binaries and scripts; hands-on reverse engineering experience a plus.
- Integrate security automation tools (Torq, Tines, SIEM native, etc.) and AI tooling (LLMs, agentic workflows) to accelerate security operations.
- Map findings to the MITRE ATT&CK framework to identify coverage gaps and improve detection posture.
- Create and tune high-fidelity detection rules (e.g., Splunk SPL, YARA, Sigma) based on hunt findings to prevent future recurrence.
- Aid in the development of technical table top exercises, ensuring scenario applicability to the organization’s risk profile and align to real world cyber events.
- Collaborate with Cybersecurity, Engineering, and Product teams to help plan, and execute threat hunts, providing detailed findings and data-backed recommendations for cybersecurity and architectural improvements.
- Work closely with the Offensive Security team to help perform regular testing and validation of custom detection rules.
- Assist with the development of technical table top exercises, ensuring scenario applicability to the organization’s risk profile and align to real world cyber events.
- Perform deep-dive root cause analysis on complex security incidents.
Requirements
Over 5 years of cybersecurity experience, at least 3 of those years in the trenches focused on DFIR/Threat Hunts.
Qualifications
- Extensive technical expertise in performing DFIR and adversary threat hunts, across diverse environments (corporate systems, cloud - AWS/GCP/Azure, and operational technology networks).
- Deep experience utilizing enterprise security tooling (SIEM, EDR, etc.) as well as developing proprietary tools/scripts to scale the team’s capabilities.
- Hands-on work with integrating security automation tools (Torq, Tines, SIEM native, etc.) and AI tooling (LLMs, agentic workflows) to accelerate security operations.
- Well versed in using cyber threat intelligence to update requirements, prioritize collection sources and integrate technical TTPs to inform and prioritize hunts.
- Experience utilizing sandboxing technology to aid in the analysis of suspicious binaries and scripts; hands-on reverse engineering experience a plus.
- Experience with performing DFIR on Android IoT devices.
- Experience with creating and tuning high-fidelity detection rules (e.g., Splunk SPL, YARA, Sigma) based on hunt findings to prevent future recurrence.
- Experience with the MITRE ATT&CK framework to identify coverage gaps and improve detection posture.
- Experience with developing technical table top exercises, ensuring scenario applicability to the organization’s risk profile and align to real world cyber events.
- Experience with performing deep-dive root cause analysis on complex security incidents.
Skills
- Leadership & Management: Mold the long-term threat hunting roadmap, including strategy, data ingestion requirements, and coverage metrics.
- Technical Expertise: Extensive technical expertise in performing DFIR and adversary threat hunts, across diverse environments (corporate systems, cloud - AWS/GCP/Azure, and operational technology networks).
- Operational & Collaboration Skills: Collaborate with Cybersecurity, Engineering, and Product teams to help plan, and execute threat hunts, providing detailed findings and data-backed recommendations for cybersecurity and architectural improvements.
Pay
$140,000 - $175,000 base salary, with Flock Stock Options.
Schedule
Full-time, remote work.
Benefits
- Flexible PTO
- Health benefits plan
- Parental leave
- Fertility & Family Benefits
- Mental health benefits
- Caregiver support
- Tax advisor sessions
- Employee resource groups
- WFH stipend
- Productivity stipend
- Home office stipend
Benefits
Includes Criminal Justice Information Services (CJIS) certification as a condition of employment.
Equal Opportunity Employer
Flock is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.