
Senior Staff Threat Hunter – Intelligence Engineer
Databricks
full-time
Location Type: Remote
Location: Remote • California • 🇺🇸 United States
Salary
💰 $209,600 - $293,375 per year
Job Level
Senior
Tech Stack
AWS, Azure, Cloud, Cyber Security, Google Cloud Platform, Kubernetes, Linux, MacOS, PySpark, Python, Unity
About the role
- Define the strategic vision and roadmap for a structured, repeatable threat hunting program using hypothesis-driven methodologies aligned with industry frameworks.
- Develop Databricks-based hunting capabilities and logic to analyse security telemetry at a massive scale across our multi-cloud environment.
- Build reusable hunting notebooks and automated intelligence pipelines using Databricks workflows.
- Serve as the technical authority for threat hunting across Security, influencing detection strategy and incident response capabilities.
- Mentor and develop threat hunting capabilities across the security organization.
- Operationalize threat intelligence from multiple sources into actionable hunting hypotheses.
- Work with internal partners to develop and maintain Priority Intelligence Requirements (PIRs).
- Build automated enrichment pipelines using Databricks to correlate intelligence with internal telemetry.
- Produce intelligence assessments on threats relevant to our business.
- Represent Databricks in external security communities and industry working groups on advanced threat topics.
- Architect scalable hunting infrastructure using Databricks notebooks, Delta Lake, and Unity Catalog.
- Develop libraries of reusable detection logic and hunting queries optimized for distributed computing.
- Build automated workflows for threat intelligence ingestion, enrichment, and correlation.
- Create dashboards and visualizations for threat exposure and hunt findings.
- Integrate security tools with Databricks platform.
Requirements
- 12+ years in cybersecurity with 6+ years focused on threat hunting, threat intelligence, or detection engineering.
- Deep expertise with nation-state and e-crime threat actors’ TTPs, trends, and historical targets.
- Experience working with large-scale security datasets and big data platforms.
- Strong Python programming experience with a background in PySpark, distributed computing frameworks, or Databricks’ platform.
- Deep understanding of cloud security across AWS, Azure, and GCP—including cloud-native logging, security controls, and container/Kubernetes security.
- Strong knowledge of OS internals across macOS, Linux, and containerized environments.
- Experience with enterprise-scale software development practices including infrastructure-as-code, code review, and large codebase management.
- Demonstrated experience conducting hypothesis-driven threat hunts with measurable outcomes.
- Experience defining and driving multi-year security program strategy.
- Thought leadership around the application of cybersecurity frameworks, such as MITRE ATT&CK and D3FEND.
- Applied CTI skills including consuming and operationalizing IOCs/TTPs, tracking campaigns, and conducting research.
- Experience influencing technical decisions beyond your immediate team.
- A track record of mentoring Staff+ engineers.
Benefits
- Health insurance
- 401(k) matching
- Flexible work hours
- Paid time off
- Remote work options
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard skills
Python, PySpark, Databricks, Delta Lake, Unity Catalog, hypothesis-driven methodologies, infrastructure-as-code, big data platforms, cloud security, OS internals
Soft skills
mentoring, influencing, thought leadership, communication, collaboration, strategic vision, organizational skills, problem-solving, technical authority, research