Cyber Threat Management Analyst, Specialist
Vanguard
Locations: Malvern, PA; Charlotte, NC; Dallas/Ft. Worth, TX
Time type: Full time
Posted: 7 Days Ago
End Date: June 2, 2026 (7 days left to apply)
Job requisition ID: 178190
Global Risk and Security (GR&S) at Vanguard enables business strategy, protects client and Vanguard interests (e.g., assets and data), and stewards a strong risk culture. Our teams leverage enterprise-wide insights, deep expertise, and trusted advice so that Vanguard leaders and crew drive faster, stronger, risk-informed decisions.
Within GR&S, the Enterprise Security and Fraud (ES&F) sub-division is responsible for the global protection of Vanguard crew, property, data, and client assets. We are trusted advisors that protect the pride of Vanguard with state-of-the-art security and fraud capabilities. We are a world-class destination of highly engaged, passionate, and diverse talent expected to continuously learn and develop in an ever-changing security landscape.
Our crew are our greatest resource – by joining our team you will build collaborative long-term relationships and enjoy a suite of benefits that includes comprehensive health and wellness care, work-life balance, and an investment in your future at its core.
Core Responsibilities
Lead proactive threat hunting operations across enterprise environments, including adversary emulations, live hunts, and investigative assessments. Identify anomalous behaviors and translate findings into actionable detections.
Apply hypothesis-driven hunting methodologies, leveraging threat intelligence, behavioral analytics, and the MITRE ATT&CK framework to identify gaps in detection and control coverage.
Analyze telemetry across the enterprise security stack (endpoint, network, identity, cloud, email, SIEM/XDR) and pivot across datasets to identify advanced threats and hidden attacker activity.
Identify and validate adversary techniques, mapping observed activity to ATT&CK and informing improvements to detection logic, alerting, and response workflows.
Enhance detection engineering efforts by developing, tuning, and validating rules, analytics, and behavioral detections based on hunt findings and adversary simulations.
Leverage scripting and automation (e.g., Python, PowerShell, KQL, SQL) to scale threat hunting activities, enrich data, and improve investigative efficiency.
Utilize advanced analytics and AI-assisted techniques to accelerate the identification of suspicious or malicious activity.
Collaborate across CSOC and engineering teams to validate findings, operationalize detections, and strengthen defensive capabilities.
Produce clear and actionable reporting, including hunt reports, detection gap analyses, and executive summaries that translate technical findings into business risk and recommended actions.
Support incident response when required, providing deep investigative expertise, threat context, and rapid escalation of critical findings.
Mentor and guide team members, sharing threat hunting methodologies, tooling expertise, and investigative techniques to improve overall team capability and maturity.
Continuously evaluate and improve hunt processes, tooling, and methodologies to advance threat hunting maturity and operational effectiveness.
Qualifications
Preferred 3 - 5 years of experience in threat hunting, detection engineering, incident response, or security operations.
Strong understanding of threat actor tactics, techniques, and procedures (TTPs) and modern attack methodologies.
Hands-on experience with enterprise telemetry and security platforms (EDR, SIEM, network monitoring, cloud security tools).
Proven application of the MITRE ATT&CK framework for threat detection, gap analysis, and adversary mapping.
Proficiency in scripting and query languages (Python, PowerShell, KQL, SQL, or equivalent).
Experience with data analysis and large-scale investigation workflows.
Strong written and verbal communication skills, with the ability to translate technical findings into business-relevant risk.
Experience working in cross-functional security teams (SOC, IR, Threat Intelligence, Detection Engineering).
Relevant certifications (e.g., CISSP, GCFA, GCIH, GCDA, or equivalent) preferred.
Special Factors
Sponsorship
Vanguard is not offering visa sponsorship for this position.
About Vanguard
At Vanguard, we don't just have a mission—we're on a mission.
To work for the long-term financial wellbeing of our clients. To lead through product and services that transform our clients' lives. To learn and develop our skills as individuals and as a team. From Malvern to Melbourne, our mission drives us forward and inspires us to be our best.
How We Work
Vanguard has implemented a hybrid working model for the majority of our crew members, designed to capture the benefits of enhanced flexibility while enabling in-person learning, collaboration, and connection. We believe our mission-driven and highly collaborative culture is a critical enabler to support long-term client outcomes and enrich the employee experience.
About Us
Vanguard, one of the world's leading investment management companies, serves individual investors, institutions, employer-sponsored retirement plans, and financial professionals. We have a diverse and talented crew with a culture that promotes teamwork, along with an unwavering focus on serving our clients' best interests.
