Senior Cyber Security Specialist II - Threat Detection and Response

Job Description

Job Summary

This role supports Walgreens' Threat Detection and Response function, with a focus on leading complex security investigations, advancing enterprise detection capabilities, and improving incident response effectiveness across hybrid environments.

As a senior-level individual contributor, you will serve as a technical escalation point for high-impact and complex security incidents, owning investigations end to end from triage through root cause analysis, containment, remediation, and post-incident improvement. This role requires deep hands-on expertise, strong judgment, and the ability to operate independently in ambiguous and time-sensitive situations.

You will help shape detection strategy by building and tuning detection logic, proactively hunting for threats, and using automation to improve response speed, consistency, and scalability. This work spans hybrid infrastructure, cloud environments, applications, identity systems, endpoints, and enterprise platforms, using log analysis, behavioral signals, threat intelligence, and attacker TTPs to identify and mitigate risk.

Key responsibilities include:

• Designing, implementing, and tuning detection logic across enterprise and cloud environments
• Leading complex incident response efforts and driving investigations through resolution
• Conducting proactive threat hunting and converting findings into actionable detections
• Developing automation to improve detection, enrichment, triage, and response workflows
• Partnering with security, engineering, infrastructure, and business teams to improve logging, telemetry, and observability
• Identifying gaps in detection coverage, tooling, processes, and response procedures, and driving improvements
• Providing technical guidance, mentoring team members, and contributing to overall team capability through knowledge sharing, documentation, and tabletop exercises
• Communicating technical findings clearly to both technical and non-technical audiences, including leadership when needed

Success in this role requires the ability to take ownership, make sound decisions under pressure, and independently drive outcomes across complex security scenarios. The ideal candidate is hands-on, technically strong, comfortable navigating ambiguity, and able to influence improvements that strengthen Walgreens' overall security posture.

Location Requirement:
This is a hybrid role based in Deerfield, IL, with 4 days onsite and 1 day remote.

Work Authorization:
Work visa sponsorship is not available for this role.

Job Responsibilities

• Leads threat detection by identifying threats at the first phase of an attack or compromise. Detects threat actor activity including exploitation and risk to critical systems.
• Monitors specific cyber threat actors to understand their tactics and techniques.
• Utilizes data analysis, threat intelligence and cutting-edge security technologies to find unusual behavior and malicious activity.
• Leads the hunt for hidden and unidentified threats to the organization's cyber environment.
• Tracks down the malicious agents who are already in a network and removes them from the environment once discovered.
• Works with security monitoring tools such as firewalls, data loss prevention, network intrusion detection and antivirus software.
• Uses a hypothesis-driven approach and behavioral analysis to uncover connections and correlations between potential cyber threats.
• Reviews audit logs to identify unusual behavior in the network and endpoint devices. Documents findings and incident investigations. Provides feedback and training to improve security controls.
• Leads in assessing network vulnerabilities and identifying critical security flaws by testing and validating the security of the network and/or testing the network to understand where vulnerabilities exist and where corrections are needed

About Walgreens
Founded in 1901, Walgreens ( has a storied heritage of caring for communities for generations and proudly serves nearly 9 million customers and patients each day across its approximately 8,500 stores throughout the U.S. and Puerto Rico, and leading omni-channel platforms. Walgreens has approximately 220,000 team members, including nearly 90,000 healthcare service providers, and is committed to being the first choice for retail pharmacy and health services, building trusted relationships that create healthier futures for customers, patients, team members and communities.

External Basic Qualifications

• Bachelor's degree and at least 5 years of Information/Cyber Security experience OR a High School Diploma/GED and at least 7 years of Information/Cyber Security experience
• Experience presenting to and interacting with the Executive level.
• At least 4 years of Cyber Security experience in at least three of the following: Active threat hunting (open source or commercial tooling), Intrusion analysis, Managed or enterprise information security services, Incident response, Endpoint forensics (Windows, MAC, or Linux), Malware analysis, Penetration testing, Network defense, Threat hunting, Information security consulting
• Experience establishing & maintaining relationships with individuals at all levels of the organization, in the business community & with vendors.
• Experience analyzing and reporting data in order to identify issues, trends, or exceptions to drive improvement of results and find solutions.
• At least 2 years of experience contributing to financial decisions in the workplace.
• At least 2 years of direct leadership, indirect leadership and/or cross-functional team leadership.
• Willing to travel up to/at least 10% of the time for business purposes (within state and out of state).

Preferred Qualifications

• Bachelor's degree and at least 5 years of Information/Cyber Security experience OR a High School Diploma/GED and at least 7 years of Information/Cyber Security experience
• Experience presenting to and interacting with the Executive level.
• At least 4 years of Cyber Security experience in at least three of the following: Active threat hunting (open source or commercial tooling), Intrusion analysis, Managed or enterprise information security services, Incident response, Endpoint forensics (Windows, MAC, or Linux), Malware analysis, Penetration testing, Network defense, Threat hunting, Information security consulting
• Experience establishing & maintaining relationships with individuals at all levels of the organization, in the business community & with vendors.
• Experience analyzing and reporting data in order to identify issues, trends, or exceptions to drive improvement of results and find solutions.

We will consider employment of qualified applicants with arrest and conviction records.