Skip to main content
a person standing in a room with a glass railing

Description

About the Job:

The Senior Threat Hunt Engineer is an advanced and highly trusted role supporting the enterprise cybersecurity program. As a member of Northwestern Mutual's Threat Hunting Program under the Threat Intelligence umbrella, the Senior Threat Hunt Engineer is primarily responsible for developing and maintaining the operational and technical foundation of the program including automation, tooling integration, detection handoff pipelines, and AI-assisted hunt workflows. Grounded in threat intelligence and hunt experience, the Senior Threat Hunt Engineer also executes proactive and signal-driven hunts across endpoint, network, cloud, and identity telemetry, translating findings into durable detections and institutional knowledge.

This role works closely with internal technical teams — including Threat Intelligence, Detection & Response, Detection Engineering, Adversarial Simulation, Purple Team, Incident Command, and Governance, Risk & Compliance — and with peer organizations, industry-sharing groups, and law enforcement affiliations where appropriate. The Senior Threat Hunt Engineer supports the hunt community across Cyber Defense, contributes engineering rigor to hunt artifacts, and ensures repeatable, version-controlled hunt processes as the program matures from manual to increasingly automated operations.

What You'll Do:

  • Maintain and mature the operational hunt framework used across Cyber Defense. Build, document, and refine the templates, integrations, and standards hunters from multiple teams follow.

  • Design, build, and maintain integrations and automation across the hunt lifecycle — spanning work-tracking, collaboration, ticketing, knowledge management, SIEM, EDR, threat intelligence platforms, and reporting.

  • Execute hunts and support the hunt community across teams. Perform proactive and signal-driven hunts, respond to hunt questions from hunters across Cyber Defense, and partner with Threat Intelligence to translate hunt-informed analysis into actionable intelligence. Synthesize hunt outcomes into cross-hunt correlations, control gap identification, and inputs to future hunts and detections.

  • Partner with detection engineering to translate hunt findings into production rules and analytics. Contribute detection candidates through the established handoff pipeline.

  • Consume and apply threat intelligence to hunt activity. Track adversary and threat cluster TTPs relevant to Northwestern Mutual, prioritize what matters, and translate intel into hunt hypotheses.

  • Mentor analysts and junior hunters. Pair on investigations, lead technical deep-dives, and grow the hunt capability across teams.

  • Report on program outcomes. Communicate findings to internal stakeholders — what was found, what was contained, where detection coverage gaps exist, and what was changed as a result.

  • Evaluate, integrate, and maintain security tooling used by the Threat Hunting Program, including threat intelligence platforms, enrichment services, and hunt-supporting analytical tools.

  • Evaluate and integrate AI to accelerate hunt workflows, including hypothesis drafting, MITRE ATT&CK mapping suggestion, query generation, and summarization, with appropriate human review and tracking.

  • Research current and emerging cyber threats facing the business and industry sector.

  • Track threat actors, threat clusters, and associated malware families relevant to Northwestern Mutual and the financial services sector.

  • Document threats into contextual reports outlining severity, urgency, and impact, and ensure they can be understood by both leadership and technical teams.

  • Serve as a trusted advisor to maintain credibility with business unit leadership and technical teams.

  • Actively inform and engage in security projects across the business to disrupt active or potential threats.

  • Participate in collaborative threat analysis discussions with internal and external trusted entities.

  • Perform other duties as assigned.

What You'll Bring to the Role:

  • A minimum of 5-10 years in threat intelligence, threat hunting, incident response, or detection engineering, with meaningful experience across both threat intelligence and threat hunting disciplines.

  • Bachelor's degree in computer science, cybersecurity, engineering, or a related field (or equivalent experience).

  • Relevant certifications such as GCTI, GCIH, GCFA, GCIA, GCDA, OSCP, CEH, or CISSP are a plus. Cloud-focused security certifications (e.g., AWS Security Specialty, GCP Professional Cloud Security Engineer) are also valued.

  • Deep hands-on experience running proactive and signal-driven hunts across SIEM, EDR, network, cloud, and identity telemetry in enterprise environments.

  • Strong scripting and automation skills; Python required, with additional experience in PowerShell, Bash, or equivalent a plus.

  • Deep hands-on experience with enterprise SIEM search languages, including advanced query development, dashboard building, saved searches, alerting, and query optimization at enterprise scale.

  • Hands-on experience developing and consuming REST APIs across security tooling — including work-tracking, collaboration, ticketing, SIEM, EDR, and threat intelligence platforms.

  • Demonstrated experience building event-driven automation using webhooks or similar integration patterns.

  • Experience building, integrating, and maintaining security tooling and workflows at enterprise scale.

  • Working knowledge of version control workflows, branching strategies, and code review practices.

  • Ability to write clear technical documentation for automation and integrations, including runbooks for maintenance and troubleshooting.

  • Ability to communicate complex findings clearly to both technical and leadership audiences.

  • Advanced analytical reasoning skills.

  • Applicable knowledge of adversary tactics, techniques, and procedures (TTPs), the MITRE ATT&CK framework, the unified kill chain, and open-source intelligence (OSINT).

  • Hands-on experience with SIEM, intrusion detection/prevention systems, threat intelligence platforms, and security orchestration and automation platforms.

  • Ability to analyze host, network, cloud, and identity telemetry; strong understanding of operating system internals; working knowledge of malware behavior, vulnerabilities, and exploitation techniques.

  • Experience with incident collaboration, adversary tooling, and threat-informed defense methodology.

  • Capable of working with diverse teams across Cyber Defense; comfortable operating in a cross-team enablement role rather than a single-team hunt queue.

  • Demonstrated understanding of network, host, cloud, and identity cybersecurity solutions.

  • Ability to maintain a high level of integrity, trustworthiness, and confidence, with the highest level of professionalism.

  • Strong project management, multitasking, and organizational skills with minimum guidance.

  • Ability to preserve credibility with the team and external constituents through sustained industry knowledge.

  • Self-starter requiring minimal supervision.

Nice to Have Skills:

  • Experience with AI-assisted security workflows and appropriate operational guardrails.

  • Familiarity with structured, version-controlled hunt methodologies.

  • Experience building and maintaining CI/CD pipelines for security content.

  • Experience building or contributing to a new or evolving threat hunt or detection engineering program, as opposed to only operating within an established one.

  • Experience with SOAR platforms and playbook development.

  • Experience with cloud-native security tooling and cloud API integration.

  • Experience in financial services or another regulated industry.

  • Contributions to open-source security tooling, published research, or public threat intelligence.

#LI-Hybrid

Compensation Range:

Pay Range - Start:

$118,960.00

Pay Range - End:

$178,440.00

Geographic Specific Pay Structure:

Structure 110:

$130,880.00 USD - $196,320.00 USD

Structure 115:

$136,800.00 USD - $205,200.00 USD

We believe in fairness and transparency. It’s why we share the salary range for most of our roles. However, final salaries are based on a number of factors, including the skills and experience of the candidate; the current market; location of the candidate; and other factors uncovered in the hiring process. The standard pay structure is listed but if you’re living in California, New York City or other eligible location, geographic specific pay structures, compensation and benefits could be applicable, click here to learn more.

Grow your career with a best-in-class company that puts our clients' interests at the center of all we do. Get started now!

Northwestern Mutual is an equal opportunity employer that welcomes talented individuals of all backgrounds. We are committed to creating and maintaining an environment in which each employee can contribute creative ideas, seek challenges, assume leadership and continue to focus on meeting and exceeding business and personal objectives.

FIND YOUR FUTURE

We’re excited about the potential people bring to Northwestern Mutual. You can grow your career here while enjoying first-class perks, benefits, and our commitment to a culture of belonging.

Join Our Talent Community

Learn about upcoming career opportunities and events at Northwestern Mutual

Join