Senior Manager, Threat Intelligence & Detection (Hybrid - Seattle)

About the position

Responsibilities

• Develop and execute the strategic roadmap for threat intelligence, detection engineering, and threat hunting programs across multiple business units
• Build, lead, and mentor a high-performing team of detection engineers, threat analysts, and hunters
• Serve as the primary subject matter expert and strategic advisor to executive leadership on evolving threat landscapes, defensive priorities, and organizational risk posture
• Operationalize threat intelligence by integrating internal and external intel into detection engineering workflows
• Maintain and evolve threat intelligence sources (commercial, open-source, government) to inform risk posture and detection priorities
• Deliver actionable threat assessments and briefings tailored to technical and executive stakeholders
• Lead the full detection engineering lifecycle including threat modeling, detection logic development using query languages (KQL, SPL, SQL), testing with attack simulation frameworks, automated deployment via CI/CD, and continuous tuning based on performance metrics
• Drive development of advanced behavior-based, anomaly detections, and AI/ML-powered detection systems aligned with MITRE ATT&CK and emerging threat actor TTPs
• Establish strategic partnerships with red team, SOC and incident response management to ensure comprehensive detection coverage and proactive visibility gap closure
• Lead enterprise-wide collaboration with cloud architects, infrastructure leadership, and application development teams to enhance telemetry strategies and ensure scalable detection across complex hybrid and multi-cloud environments
• Drive strategic contributions to enterprise incident response frameworks, lead tabletop exercises, and oversee purple team program development to continuously test and improve organizational defenses
• Champion automation initiatives and establish data-driven decision-making frameworks across all threat detection and response operations
• Define, implement, and report on enterprise-level key performance indicators (KPIs) for detection effectiveness, operational efficiency, false positive optimization, and mean time to detection (MTTD) across the organization
• Integrate security detection into CI/CD pipelines and support DevSecOps initiatives
• Manage budgets, vendor relationships, and technology investments for threat intelligence and detection engineering programs
• Establish and maintain strategic relationships with industry peers, threat intelligence communities, and security vendors

Requirements

• Bachelors Degree in Information Technology, Computer Science, Data Science or related experience required.
• 8+ years in information security with a focus on threat intelligence, detection engineering, or security operations
• 3-5 years in a leadership or management role with a track record of leading high-performing technical teams
• Deep expertise in attacker behaviors, threat actor TTPs, campaigns, and threat landscape evolution across multiple industry verticals
• Extensive experience designing, implementing, and optimizing enterprise-scale detections across multiple SIEMs (e.g., Splunk, Sentinel, Chronicle), EDR/XDR platforms (e.g., CrowdStrike, Defender, SentinelOne), and cloud-native security tools
• Strong working knowledge of MITRE ATT&CK, threat modeling, and structured threat intelligence formats (e.g., STIX, TAXII)
• Proficiency in Python, PowerShell, and at least one other programming language for detection engineering and automation
• Experience with detection-as-code practices and version control (Git)
• Knowledge of threat hunting methodologies and hypothesis-driven investigations
• Comprehensive understanding of NIST Cybersecurity Framework, ISO 27001, SOC 2, and other compliance requirements with implementation experience
• Hands-on experience in cloud environments (AWS, Azure, GCP) and containerized workloads (e.g., Kubernetes, ECS) preferred

Nice-to-haves

• Experience with threat intelligence platforms (e.g., ThreatConnect, MISP, Anomali) and CTI frameworks (e.g., Diamond Model, Kill Chain) is a plus
• Advanced knowledge of SOAR platforms (Phantom, Demisto, Swimlane) and enterprise security orchestration
• Experience with AI/ML-driven detection systems and automated response orchestration is a plus
• API development and integration for security tooling experience preferred
• Container security and Kubernetes threat detection knowledge is a plus
• Experience with deception technology and honeypot deployment preferred
• Industry certifications (e.g., GCTI, GCIA, GDAT, GCED, GCFA, GSEC, CISSP) preferred; cloud security certifications (AWS Security Specialty, Azure Security Engineer) are a plus

Benefits

• Medical/Vision, Dental, Retirement and Paid Time Away
• Life Insurance and Disability
• Merchandise Discount and EAP Resources

Apply tot his job Apply To this Job