Sr. Cybersecurity Engineer - Threat Engineer - Remote
Job Description
Job Overview
This Senior Cybersecurity Engineer (Threat Engineer) role focuses on proactively identifying, investigating, and neutralizing sophisticated cyber threats that evade traditional defenses. The engineer is responsible for threat research, threat hunting, digital forensics, malware analysis, full-cycle incident response, and leading purple team exercises to collaboratively test, validate, and enhance detection and response capabilities. The position plays a critical role in minimizing adversary dwell time, closing detection gaps, and strengthening organizational resilience against advanced persistent threats (APTs), ransomware, nation-state actors, and emerging attack techniques.
The role functions as part of the Cybersecurity Operations team and collaborates cross-functionally with the Threat Intelligence, Threat Emulation, GRC, and Cybersecurity Architecture and Engineering teams to secure and defend against existing and emerging threats to the organization. The engineer is expected to independently lead engagements from conception to completion, communicate technical details to partners and senior leadership, mentor junior staff, and provide technical direction to the program.
Job Responsibilities
Incident Response & Containment
- Serve as lead or escalation responder for high-severity incidents, including ransomware, data breaches, APT intrusions, and insider threats.
- Lead scoping, containment, eradication, and recovery efforts in coordination with cross-functional teams.
- Reconstruct attack timelines, correlate events across sources, and produce detailed root-cause analyses and executive reports.
Advanced Threat Research
- Partner with Threat Intelligence to conduct in-depth research on emerging threats, attack vectors, threat-actor TTPs, and indicators of compromise.
- Identify emerging and persistent threats to the organization's networks, systems, and applications.
- Map adversary behaviors to frameworks such as MITRE ATT&CK, D3FEND, and Cyber Kill Chain.
Proactive Threat Hunting
- Lead and execute threat hunting campaigns across endpoints, networks, cloud environments, identity systems, and logs to uncover hidden threats and signs of compromise.
- Analyze large-scale telemetry (EDR, SIEM, UEBA, system logs) for behavioral anomalies, persistence mechanisms, and lateral movement.
- Identify detection gaps and collaborate with the Detection Engineering team on creating or tuning detection rules, signatures, and analytics.
- Lead coordinated efforts across cyber teams to ensure effective delivery and tracking of intelligence-driven evaluations of, and responses to, threats.
- Create and maintain a Threat Library that can be used for executive and tactical reporting as well as tracking organizational action items.
Digital Forensics & Malware Analysis
- Perform host-based, memory, and network forensic investigations on suspected compromised systems.
- Conduct reverse engineering and static/dynamic analysis of malware, scripts, exploits, and tools used by adversaries.
- Preserve and analyze forensic artifacts while maintaining chain of custody.
Purple Teaming & Improvement
- Lead purple team exercises, facilitating collaboration between offensive (red) and defensive (blue) teams to simulate real-world adversary TTPs, validate detection effectiveness, identify gaps in monitoring and response, and drive iterative improvements to security controls and processes.
- Design, scope, and execute purple team engagements, including adversary emulation, attack-path validation, and real-time feedback loops to enhance threat detection, hunting, and incident response playbooks.
Collaboration & Knowledge Sharing
- Mentor and develop the SOC team on hunt methodology, adversary TTP analysis, detection tuning, and other advanced techniques.
- Partner with Threat Intelligence, Threat Emulation, GRC, Cybersecurity Architecture and Engineering teams.
- Stay current with industry trends through conferences, research, and certifications.
Additional Responsibilities
- Operate and mature processes related to the threat hunting program across SOC teams and related security vendors and services.
- Develop a threat assessment and modeling framework that documents threats, to drive resiliency initiatives that require buy-in from business partners outside the SOC.
- Perform security tooling assessments.
- Monitor, evaluate, and manage any third-party hunt activities and provide recommendations.
- Maintain a shared library of threat research integrated with threat intelligence and detection libraries.
- Perform deep-dive analysis on specific threats (e.g., tracking a ransomware group's evolution).
- Correlate internal telemetry (SIEM, logs, EDR data) with external threat intelligence.
- Apply intelligence to create use cases and detection rules through collaboration across teams.
- Run tabletop exercises or simulations based on current threat actor behavior.
- Update the threat hunt program's roadmap and tooling.
- Participate in intelligence-sharing collaborations (e.g., with ISACs, government, or vendors).
- Develop and maintain security tools, scripts, frameworks and automation to scale hunt and IR.
- Create and update security documentation, policies and threat models as needed.
- Compile and analyze data for management reporting and metrics as directed.
- Perform other duties as assigned.
Education/Certifications
- BA/BS in a computer science or cybersecurity domain.
- At least one industry-leading or senior-level cybersecurity certification (e.g., CISSP, GCTI, CTIA, CPTIA, MITRE ATT&CK Defender (MAD)).
Experience
- 8+ years of hands-on cybersecurity experience within on-prem and cloud environments.
- 5+ years as a Threat Management and Operations analyst focused on threat hunting, intelligence, monitoring, and incident response.
- Experience in threat research, vulnerability research, malware analysis, and exploit investigation.
- Experience testing and managing detection rules in SIEMs.
- Experience with EDR, NDR and CDR solutions with a focus on policy/rule management.
- Strong understanding of MITRE ATT&CK, Cyber Kill Chain, Pyramid of Pain, Threat Hunting Frameworks.
- Solid understanding of networking (WAN, LAN, WLAN, Internet, Intranet, DMZ) and their combined effects on network and host security.
- Strong understanding of Windows, Linux/Unix platforms.
- Hands-on ability to handle multiple deliverables and manage priorities in a time-sensitive environment.
- Excellent written and verbal technical communication skills, adapted for C-suite and non-technical audiences.
- Collaborative mindset, embraces diverse people, thinking and styles.
Preferred Experience
- Security Engineering experience with SIEM, EDR, Web Proxy, Email Security (ETP), and security testing platforms/frameworks.
- Preferred key industry certifications such as CEH, Security+, CISSP, CISA, CISM, GCIH.
- Familiarity with YARA, OpenIOC, Sigma, and STIX frameworks.
- Strong understanding of Cloud Infrastructure and Cloud Security.
- Experience with adversary emulation tools, Python scripting, and malware analysis.
- Strong understanding of software development tools and methodologies.
Knowledge/Skills/Abilities
- Highly technical and detailed investigative skills with a genuine passion for cybersecurity.
- Ability to multitask and prioritize work effectively.
- Highly motivated self-starter with a strong sense of ownership and the drive to manage tasks to completion.
- Complex critical-thinking and security analysis skills.
- Advanced written and verbal communication skills for a wide array of audiences.
- Ability to translate technical risk details into easy-to-understand language.
- Knowledge of threat research and adversary tactics and techniques frameworks.
- Ability to write succinct briefings, presentations, and reports conveying analysis, threat trends, and defensive strategies.
- Knowledge of current and emerging cyber adversaries and their techniques, tactics, and procedures (TTPs).
- Good judgment is required as direct supervision may not be immediately available.
- Remote Role: Classified as remote; associates may work from their primary residence or an office on a discretionary basis. May be required to travel to company offices or other locations as directed.
- Travel (minor): Required to attend meetings or other business reasons at company offices, distribution centers, or other locations.
- Physical Environment/Demands: Office work in a temperature-controlled environment. Regular sitting at a desk or computer terminal; use of hands, arms, and voice. Requires use of calculators, keyboards, telephones, and other office equipment. Stooping, bending, twisting, and reaching may be required.
UNFI is North America's premier grocery wholesaler, delivering the widest variety of fresh, branded, and owned-brand products to community grocers and retail chains. A pioneer in natural and organic foods, we are growing and transforming to meet the needs of an evolving workplace. Our 29,000+ employees work across America in 50 distribution centers and corporate offices.
Benefits
Competitive 401(k), flexible PTO or competitive PTO plan, remote or hybrid options, health benefits (first of the month following 30 days of employment), mentorship program, developmental opportunities, paid holidays and parental leave, medical, dental, vision, life, accidental death/dismemberment, short- and long-term disability insurance, flexible spending or health savings account (subject to eligibility).
Compensation
UNFI anticipates paying the above-referenced pay rate (or within the above-referenced pay range) for this position. Actual pay depends on education, experience, training, and applicable collective bargaining agreements. UNFI is committed to transparency in pay in compliance with applicable state and local laws.
Equal Opportunity Employer
UNFI is an Equal Opportunity employer committed to creating an inclusive and respectful environment for all. All qualified applicants will receive equal consideration for employment without regard to race, color, age, religion, sex, sexual orientation, gender identity or expression, national origin, disability, protected veteran status, or other protected ground. Accommodation is available upon request for candidates taking part in all aspects of the job selection process. M/F/Veteran/Disability. VEVRAA Federal Contractor.
Legal Notice
Qualified applicants with arrest or conviction records will be considered for employment in accordance with the Los Angeles County Fair Chance Ordinance and the California Fair Chance Act.