Engineer III, Cyber Threat Hunter

🕒 May 1

The College Board

1001 - 5000 employees

Founded 1900

📚 Education

🤝 Non-profit

The College Board is a mission-driven, not-for-profit organization dedicated to promoting excellence and equity in education. It connects students to college success and opportunity by supporting them in building essential skills for higher education and removing barriers to access. The College Board operates with a focus on respect, diversity, inclusion, and collaboration, with a diverse and dedicated team of professionals. Based in several locations across the United States, they strive to modernize operations and increase their digital footprint, supporting students and families nationwide.

📋 Description

• Execute hypothesis-driven threat hunts across AWS, identity, endpoint, and network telemetry, documenting findings and recommended control or detection improvements.
• Build, tune, and maintain SIEM detections focused on high-risk behaviors such as IAM misuse, persistence, privilege escalation, and data access or exfiltration.
• Reduce alert noise through structured tuning, baselining, and enrichment while preserving meaningful coverage.
• Map detections and hunts to MITRE ATT&CK techniques to identify and close visibility gaps.
• Support investigation and containment of security incidents, performing log analysis, scoping impact, and documenting findings.
• Contribute to the development and refinement of incident response playbooks for common cloud and identity-based scenarios.
• Produce clear after-action reports that identify root cause, control gaps, and prioritized remediation steps.
• Participate in periodic tabletop or fire drill exercises to validate readiness and improve response coordination.
• Participate in purple team exercises to validate detection effectiveness and help prioritize remediation of identified gaps.
• Partner with offensive testing and engineering teams to translate findings into improved detections and hardened configurations.
• Identify opportunities to strengthen logging, telemetry coverage, and control effectiveness across cloud and enterprise systems.
• Develop lightweight automation and scripts to improve investigation speed, enrichment, and reporting consistency.
• Maintain well-documented detection logic, hunt results, and response procedures to improve repeatability and team scalability.
• Share threat insights and lessons learned with the broader security and engineering community through briefings or written updates.

🎯 Requirements

• 3 to 5 years of progressive experience in cyber defense, including threat hunting, detection engineering, and incident response in enterprise environments.
• Strong cloud security experience in AWS-heavy environments, including building detections and investigations using cloud-native telemetry (for example CloudTrail, IAM, VPC Flow Logs, CloudWatch logs, and compute or container logs).
• Hands-on experience developing, tuning, and maintaining SIEM detections and analytics, including writing high-quality queries, building dashboards, and improving signal-to-noise.
• Experience with Sumo Logic is strongly preferred.
• Ability to lead threat hunts end-to-end, including hypothesis creation, data collection, analysis, documentation of findings, and recommendations grounded in attacker TTPs and frameworks such as MITRE ATT&CK.
• Experience supporting high-severity incident response, including triage, scoping, containment guidance, and deeper analysis, with comfort serving as an escalation point for complex investigations.
• Practical knowledge of investigative and forensic methods, including log forensics, timeline analysis, evidence handling, and documentation, to support enterprise incident investigations and E-Discovery needs as required.
• Experience planning or participating in purple team and detection validation activities to evaluate control effectiveness and improve alerting and response outcomes.
• Ability to operationalize and optimize security tooling by integrating log sources, improving visibility, and aligning detection coverage to current threats and business risk.
• Strong automation and scripting skills (for example Python, PowerShell, Bash) to streamline investigations, enrich alerts, and improve repeatability across hunting and response workflows.
• Excellent written and verbal communication skills, including producing after-action reports, threat briefings, and clear, actionable remediation guidance for technical and non-technical stakeholders.
• A collaborative mindset with experience partnering across engineering, architecture, and development teams, and mentoring junior analysts or engineers to raise team capability.

🏖️ Benefits

• Annual bonuses and opportunities for merit-based raises and promotions
• A mission-driven workplace where your impact matters
• A team that invests in your development and success
