Sr. Cybersecurity Engineer- Threat Engineer- Remote
UNFI
Job Description
Job Overview
This Cybersecurity Engineer Senior – Threat Engineer focuses on proactively identifying, investigating, and neutralizing sophisticated cyber threats that evade traditional defenses. The role is responsible for threat research, threat hunting, digital forensics, malware analysis, full‑cycle incident response, and leading purple team exercises to collaboratively test, validate, and enhance detection and response capabilities. The position plays a critical role in minimizing adversary dwell time, closing detection gaps, and strengthening organizational resilience against advanced persistent threats (APTs), ransomware, nation‑state actors, and emerging attack techniques.
The role functions as part of the Cybersecurity Operations team and collaborates cross‑functionally with Threat Intelligence, Threat Emulation, GRC, Cybersecurity Architecture and Engineering teams to secure and defend against existing and emerging threats to the organization. It is expected to independently lead engagements from conception to completion, communicate technical details to partners and senior leadership, mentor junior staff, and provide technical direction to the program.
Job Responsibilities
- Incident Response & Containment
  - Serve as lead or escalation responder for high‑severity incidents, including ransomware, data breaches, APT intrusions, and insider threats.
  - Lead scoping, containment, eradication, and recovery efforts in coordination with cross‑functional teams.
  - Reconstruct attack timelines, correlate events across sources, and produce detailed root‑cause analyses and executive reports.
- Advanced Threat Research
  - Partner with Threat Intelligence to conduct in‑depth research on emerging threats, attack vectors, threat‑actor TTPs, and indicators of compromise.
  - Identify emerging and persistent threats to the organization’s networks, systems, and applications.
  - Map adversary behaviors to frameworks such as MITRE ATT&CK, D3FEND, and the Cyber Kill Chain.
- Proactive Threat Hunting
  - Lead and execute threat hunting campaigns across endpoints, networks, cloud environments, identity systems, and logs to uncover hidden threats and signs of compromise.
  - Analyze large‑scale telemetry (EDR, SIEM, UEBA, system logs) for behavioral anomalies, persistence mechanisms, and lateral movement.
  - Identify detection gaps and collaborate with the Detection Engineering team on creating or tuning detection rules, signatures, and analytics.
  - Lead coordinated efforts across Cyber teams to ensure effective delivery and tracking of intelligence‑driven evaluations and responses to threats.
  - Create and maintain a Threat Library that can be used for executive and tactical reporting as well as for tracking organizational action items.
- Digital Forensics & Malware Analysis
  - Perform host‑based, memory, and network forensic investigations on suspected compromised systems.
  - Conduct reverse engineering and static/dynamic analysis of malware, scripts, exploits, and tools used by adversaries.
  - Preserve and analyze forensic artifacts while maintaining chain of custody.
- Purple Teaming & Improvement
  - Lead purple team exercises, facilitating collaboration between offensive (red) and defensive (blue) teams to simulate real‑world adversary TTPs, validate detection effectiveness, identify gaps in monitoring and response, and drive iterative improvements to security controls and processes.
  - Design, scope, and execute purple team engagements, including adversary emulation, attack‑path validation, and real‑time feedback loops to enhance threat detection, hunting, and incident response playbooks.
- Collaboration & Knowledge Sharing
  - Mentor and develop the SOC team on hunt methodology, adversary TTP analysis, detection tuning, and other advanced techniques.
  - Partner with Threat Intelligence, Threat Emulation, GRC, Cybersecurity Architecture, and Engineering teams.
  - Stay current with industry trends through conferences, research, and certifications.
- Additional Responsibilities
  - Operate and mature processes related to the threat hunting program across SOC teams and related security vendors/services.
  - Develop a threat assessment/modeling framework documenting threats to aid in driving resiliency initiatives that require broader non‑SOC business partner buy‑in.
  - Conduct security tooling assessments.
  - Monitor, evaluate, and manage any third‑party hunt activities and provide recommendations.
  - Maintain a shared library of threat research integrated with threat intelligence and detection libraries.
  - Perform deep‑dive analysis on specific threats (e.g., tracking a ransomware group’s evolution).
  - Correlate internal telemetry (SIEM, logs, EDR data) with external threat intelligence.
  - Apply intelligence to create use cases and detection rules through collaboration across teams.
  - Run tabletop exercises or simulations based on current threat actor behavior.
  - Update the threat hunt program’s roadmap and tooling.
  - Participate in intelligence‑sharing collaborations (e.g., with ISACs, government, or vendors).
  - Develop and maintain security tools, scripts, frameworks, and automation to scale hunt and IR.
  - Create and update security documentation, policies, and threat models as needed.
  - Compile and analyze data for management reporting and metrics as directed.
  - Perform other duties as assigned.
Job Requirements
- Education/Certifications
  - BA/BS in a computer science or cybersecurity domain.
  - At least one industry‑leading or senior‑level cybersecurity certification (e.g., CISSP, GCTI, CTIA, CPTIA, MITRE MAD ATT&CK).
- Experience
  - 8+ years of hands‑on cybersecurity experience within on‑prem and cloud environments.
  - 5+ years as a Threat Management and Operations analyst focused on threat hunting, intelligence, monitoring, and incident response.
  - Experience in threat research, vulnerability research, malware analysis, and exploit investigation.
  - Experience testing and managing detection rules in SIEMs.
  - Experience with EDR, NDR, and CDR solutions with a focus on policy/rule management.
  - Strong understanding of MITRE ATT&CK, the Cyber Kill Chain, the Pyramid of Pain, and threat hunting frameworks.
  - Solid understanding of networking (WAN, LAN, WLAN, Internet, Intranet, DMZ) and its combined effects on network and host security.
  - Strong understanding of Windows and Linux/Unix platforms.
  - Hands‑on ability to handle multiple deliverables and manage priorities in a time‑sensitive environment.
  - Excellent written and verbal technical communication skills, adapting for C‑suite and non‑technical audiences.
  - Collaborative mindset that embraces diverse people, thinking, and styles.
- Preferred Experience
  - Security engineering experience with SIEM, EDR, Web Proxy, Email Security (ETP), and security testing platforms/frameworks.
  - Key industry certifications such as CEH, Security+, CISSP, CISA, CISM, or GCIH.
  - Familiarity with YARA, OpenIOC, Sigma, and STIX frameworks.
  - Strong understanding of cloud infrastructure and cloud security.
  - Experience with adversary emulation tools, Python scripting, and malware analysis.
  - Strong understanding of software development tools and methodologies.
- Knowledge/Skills/Abilities
  - Highly technical and detailed investigative skills with a genuine passion for cybersecurity.
  - Ability to multitask and prioritize work effectively.
  - Highly motivated self‑starter with a strong sense of ownership and the drive to manage tasks to completion.
  - Complex critical‑thinking and security analysis skills.
  - Advanced written and verbal communication skills for a wide array of audiences.
  - Ability to translate technical risk details into easy‑to‑understand language.
  - Knowledge of threat research and adversary tactics and techniques frameworks.
  - Ability to write succinct briefings, presentations, and reports conveying analysis, threat trends, and defensive strategies.
  - Knowledge of current and emerging cyber adversaries and their tactics, techniques, and procedures (TTPs).
  - Good judgment is required, as direct supervision may not be immediately available.
Work Environment
- Remote Role: Classified as remote; associates may work from primary residence or office on a discretionary basis. May be required to travel to company offices or other locations as directed.
- Travel (minor): Required to attend meetings or other business reasons at company offices, distribution centers, or other locations.
- Physical Environment/Demands: Office work in a temperature‑controlled environment. Regular sitting at a desk or computer terminal; use of hands, arms, and voice. Requires use of calculators, keyboards, telephones, and other office equipment. Stooping, bending, twisting, and reaching may be required.
About UNFI
UNFI is North America’s premier grocery wholesaler, delivering the widest variety of fresh, branded, and owned‑brand products to community grocers and retail chains. A pioneer in natural and organic foods, we are growing and transforming to meet the needs of an evolving workplace. Our 29,000+ employees work across America in 50 distribution centers and corporate offices.
Benefits
Competitive 401(k), flexible PTO or competitive PTO plan, remote or hybrid options, health benefits (first of the month following 30 days of employment), mentorship program, developmental opportunities, paid holidays and parental leave, medical, dental, vision, life, accidental death/dismemberment, short‑ and long‑term disability insurance, flexible spending or health savings account (subject to eligibility).
Compensation
UNFI anticipates paying the above‑referenced pay rate (or within the above‑referenced pay range) for this position. Actual pay depends on education, experience, training, and applicable collective bargaining agreements. UNFI is committed to transparency in pay in compliance with applicable state and local laws.
Equal Opportunity Employer
UNFI is an Equal Opportunity employer committed to creating an inclusive and respectful environment for all. All qualified applicants will receive equal consideration for employment without regard to race, color, age, religion, sex, sexual orientation, gender identity or expression, national origin, disability, protected veteran status, or other protected ground. Accommodation is available upon request for candidates taking part in all aspects of the job selection process.
M/F/Veteran/Disability. VEVRAA Federal Contractor.
Legal Notice
Qualified applications with arrest or conviction records will be considered for employment in accordance with the Los Angeles County Fair Chance Ordinance and the California Fair Chance Act.