Senior Engineer - Threat Hunting
Cboe Global Markets · Chicago, IL · 2 wk ago
HybridEngineering$131k–$169k/yrFull-time
Role Overview
The Senior Engineer Threat Hunting will be a senior individual contributor within Cboe’s Security Operations organization, responsible for defining, advancing, and executing the enterprise approach to detection engineering, threat hunting, and adversary emulation.
This role focuses on building and maturing detection capabilities across platforms such as SIEM, EDR, identity, cloud, and SaaS environments, ensuring detections are resilient, scalable, and aligned to real-world adversary behavior.
Owning the Enterprise Detection Engineering Capability
- Owning the enterprise detection engineering capability end-to-end, including standards, patterns, quality bars, and long-term technical direction
- Designing, implementing, and reviewing high-fidelity detections across endpoint, identity, cloud, network, and SaaS environments
Threat Hunting and Adversary Emulation
- Leading complex, hypothesis-driven threat hunts that address ambiguous, cross-organizational risk and novel attacker behavior
- Partnering with internal stakeholders to design and execute adversary emulation scenarios that validate real-world detection and response effectiveness
- Translating threat hunting outcomes into robust detections, improved telemetry, or architectural changes rather than one-off findings
Technical Lead During High Severity Incidents
- Acting as the technical lead during highest-severity incidents, guiding investigative approach and defensive improvements
Expert Recommendations and Best Practices
- Providing expert recommendations and best practices to security managers, technical managers, and stakeholders including legal and regulatory teams
Mentorship and Technical Bar Setting
- Mentoring senior engineers and analysts and setting the technical bar for excellence across detection, hunting, and adversary emulation
Continuous Learning and Industry Trends
- Staying current with industry trends, security standards, and best practices to ensure our systems remain secure against evolving threats
Requirements
- 5-8+ years of experience in cybersecurity operations, detection engineering, threat hunting, or offensive security
- Deep expertise in attacker tradecraft, adversary behaviors, and defensive detection techniques across multiple domains
- Strong hands-on experience with SIEM, EDR, cloud security platforms, and large-scale log analytics (Google SecOps, Defender XDR, Crowdstrike)
- A proven ability to solve ambiguous, systemic, cross-organizational security problems with minimal direction
- Experience balancing hands-on execution with strategic influence, knowing when to build directly and when to enable others
- The ability to operate with near-complete autonomy, setting technical direction rather than receiving it
- Strong communication skills, including the ability to explain complex technical risk to senior security and technology leaders
- Bachelor’s degree or equivalent practical experience
- Proficiency in scripting and automation for security operations
Preferred Qualifications
- Bachelor's Degree in Cybersecurity or Computer Science
- System Administration experience in Windows or Linux
- Proven ability to script and automate tasks
- Specific experience with Google Secops SIEM, the Microsoft Security Stack, or ProofPoint Email Security Services
- CISSP, CASP or other related security certifications