Cyber Threat Management Analyst – Specialist

Vanguard

Cyber Threat Management Analyst conducting threat hunting operations for Vanguard. Leveraging advanced analytics and MITRE ATT&CK framework for actionable detections in security environments.

Posted 5/19/2026full-timeMalvern • North Carolina, Pennsylvania, Texas • 🇺🇸 United StatesMid-LevelSeniorWebsite

Tech Stack

Tools & technologies

CloudPythonSQL

About the role

Key responsibilities & impact

Lead proactive threat hunting operations across enterprise environments, including adversary emulations, live hunts, and investigative assessments.
Identify anomalous behaviors and translate findings into actionable detections.
Apply hypothesis-driven hunting methodologies, leveraging threat intelligence, behavioral analytics, and the MITRE ATT&CK framework to identify gaps in detection and control coverage.
Analyze telemetry across the enterprise security stack (endpoint, network, identity, cloud, email, SIEM/XDR) and pivot across datasets to identify advanced threats and hidden attacker activity.
Identify and validate adversary techniques, mapping observed activity to ATT&CK and informing improvements to detection logic, alerting, and response workflows.
Enhance detection engineering efforts by developing, tuning, and validating rules, analytics, and behavioral detections based on hunt findings and adversary simulations.
Leverage scripting and automation (e.g., Python, PowerShell, KQL, SQL) to scale threat hunting activities, enrich data, and improve investigative efficiency.
Utilize advanced analytics and AI-assisted techniques to accelerate the identification of suspicious or malicious activity.
Collaborate across CSOC and engineering teams to validate findings, operationalize detections, and strengthen defensive capabilities.
Produce clear and actionable reporting, including hunt reports, detection gap analyses, and executive summaries that translate technical findings into business risk and recommended actions.
Support incident response when required, providing deep investigative expertise, threat context, and rapid escalation of critical findings.
Mentor and guide team members, sharing threat hunting methodologies, tooling expertise, and investigative techniques to improve overall team capability and maturity.
Continuously evaluate and improve hunt processes, tooling, and methodologies to advance threat hunting maturity and operational effectiveness.

Requirements

What you’ll need

3 - 5 years of experience in threat hunting, detection engineering, incident response, or security operations
Strong understanding of threat actor tactics, techniques, and procedures (TTPs) and modern attack methodologies
Hands-on experience with enterprise telemetry and security platforms (EDR, SIEM, network monitoring, cloud security tools)
Proven application of the MITRE ATT&CK framework for threat detection, gap analysis, and adversary mapping
Proficiency in scripting and query languages (Python, PowerShell, KQL, SQL, or equivalent)
Experience with data analysis and large-scale investigation workflows
Strong written and verbal communication skills, with the ability to translate technical findings into business-relevant risk
Experience working in cross-functional security teams (SOC, IR, Threat Intelligence, Detection Engineering)
Relevant certifications (e.g., CISSP, GCFA, GCIH, GCDA, or equivalent) preferred

Benefits

Comp & perks

comprehensive health and wellness care
work-life balance
investment in your future

ATS Keywords

✓ Tailor your resume

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

threat huntingdetection engineeringincident responsesecurity operationsthreat intelligencebehavioral analyticsMITRE ATT&CKscriptingdata analysisinvestigative assessments

Soft Skills

communicationmentoringcollaborationreportingproblem-solvinganalytical thinkingteam leadershipadaptabilitycritical thinkingattention to detail

Certifications

CISSPGCFAGCIHGCDA