Engineer III, Cyber Threat Hunter

College Board - Technology - Cyber Security Operations Team

Location: 1) This is a fully remote role. Candidates who live near CB offices have the option of being fully remote or hybrid (Tuesday and Wednesday in office).


Type: This is a full-time position


About the Team

The Cyber Security Operations team is critical to the strategic foundation of our products, most notably the secure delivery of our Digital SAT and AP programs. We are a highly motivated group of cyber security experts who take a proactive approach to ensuring a strong security posture. We partner across the organization to mature our Threat Management and Incident Response procedures and are constantly seeking and experimenting with new technologies. We are currently using a variety of cutting-edge tools that provide comprehensive cyber security operations for the College Board's critical infrastructure in support of the College Board's mission to connect students to college success and opportunity. College Board is committed to creating an inclusive environment where all team members feel valued, respected, and supported in their work. We welcome individuals from diverse backgrounds and experiences to join our team and contribute to our ongoing success.


About the Opportunity

As a Cyber Threat Hunter, you will play a hands-on role in defending the cloud and enterprise environments that power the Digital SAT, AP, and other high-stakes programs. You will work in an AWS-heavy environment at national scale, where detection quality, investigation speed, and clear documentation directly support exam integrity and student trust.


This role exists to strengthen our detection and response capabilities. You will build and improve SIEM detections, execute structured threat hunts, and help validate controls through purple team exercises. You will contribute to incident investigations, refine response playbooks, and use automation to make our workflows faster and more reliable.


You will partner closely with engineers, architects, and product teams to close visibility gaps and reduce risk in practical, measurable ways. Success in this role means fewer blind spots, higher fidelity alerts, and a cyber defense program that is proactive rather than reactive.


In this role, you will:

Threat Hunting & Detection Engineering (45%)

• Execute hypothesis-driven threat hunts across AWS, identity, endpoint, and network telemetry, documenting findings and recommended control or detection improvements.
• Build, tune, and maintain SIEM detections focused on high-risk behaviors such as IAM misuse, persistence, privilege escalation, and data access or exfiltration.
• Reduce alert noise through structured tuning, baselining, and enrichment while preserving meaningful coverage.
• Map detections and hunts to MITRE ATT&CK techniques to identify and close visibility gaps.

Incident Response & Investigation (30%)

• Support investigation and containment of security incidents, performing log analysis, scoping impact, and documenting findings.
• Contribute to the development and refinement of incident response playbooks for common cloud and identity-based scenarios.
• Produce clear after-action reports that identify root cause, control gaps, and prioritized remediation steps.
• Participate in periodic tabletop or fire drill exercises to validate readiness and improve response coordination.

Purple Teaming & Continuous Improvement (15%)

• Participate in purple team exercises to validate detection effectiveness and help prioritize remediation of identified gaps.
• Partner with offensive testing and engineering teams to translate findings into improved detections and hardened configurations.
• Identify opportunities to strengthen logging, telemetry coverage, and control effectiveness across cloud and enterprise systems.

Automation, Documentation & Knowledge Sharing (10%)

• Develop lightweight automation and scripts to improve investigation speed, enrichment, and reporting consistency.
• Maintain well-documented detection logic, hunt results, and response procedures to improve repeatability and team scalability.
• Share threat insights and lessons learned with the broader security and engineering community through briefings or written updates.

About you, you have:

• 3 to 5 years of progressive experience in cyber defense, including threat hunting, detection engineering, and incident response in enterprise environments.
• Strong cloud security experience in AWS-heavy environments, including building detections and investigations using cloud-native telemetry (for example CloudTrail, IAM, VPC Flow Logs, CloudWatch logs, and compute or container logs).
• Hands-on experience developing, tuning, and maintaining SIEM detections and analytics, including writing high-quality queries, building dashboards, and improving signal-to-noise. Experience with Sumo Logic is strongly preferred.
• Ability to lead threat hunts end-to-end, including hypothesis creation, data collection, analysis, documentation of findings, and recommendations grounded in attacker TTPs and frameworks such as MITRE ATT&CK.
• Experience supporting high-severity incident response, including triage, scoping, containment guidance, and deeper analysis, with comfort serving as an escalation point for complex investigations.
• Practical knowledge of investigative and forensic methods, including log forensics, timeline analysis, evidence handling, and documentation, to support enterprise incident investigations and E-Discovery needs as required.
• Experience planning or participating in purple team and detection validation activities to evaluate control effectiveness and improve alerting and response outcomes.
• Ability to operationalize and optimize security tooling by integrating log sources, improving visibility, and aligning detection coverage to current threats and business risk.
• Strong automation and scripting skills (for example Python, PowerShell, Bash) to streamline investigations, enrich alerts, and improve repeatability across hunting and response workflows.
• Excellent written and verbal communication skills, including producing after-action reports, threat briefings, and clear, actionable remediation guidance for technical and non-technical stakeholders.
• A collaborative mindset with experience partnering across engineering, architecture, and development teams, and mentoring junior analysts or engineers to raise team capability.
• Nice to have
• Relevant certifications (for example GCIA, GCIH, GNFA, AWS Security Specialty, Security+).
• Experience securing modern cloud platforms such as containers and Kubernetes, serverless, and CI/CD pipelines, and detecting identity-based attacks in cloud environments.

For all roles at College Board:
We are seeking individuals who are passionate about expanding educational and career opportunities and committed to mission-driven work. Candidates must be authorized to work in the United States for any employer and should possess clear and concise communication skills, both written and verbal. Proficiency in Microsoft Suite tools is preferred, though a willingness to learn is equally valued. We look for those with curiosity and enthusiasm for emerging technologies, particularly AI-driven solutions, and a proactive approach to independently learning and applying new digital tools. Most importantly, applicants should demonstrate the skills and mindsets aligned with College Board's Operating Principles, reflecting a commitment to continuous growth, collaboration, and impact, notably:

• A commitment to candid, timely, respectful feedback
• A learner orientation and an openness to ideas and diverse perspectives
• The ability to push for excellence through data-informed decision-making, iterative learning, external benchmarking and user-inputs
• Strong problem-solving skills, including the ability to break down complex issues and identify clear paths forward
• A track record of prioritizing high-impact work, simplifying complexity, taking initiative, and making decisions quickly with clarity of purpose
• A habit of collaborating across differences, practicing empathy, and contributing to a culture of trust and shared success

About Our Process

• Application review will begin immediately and will continue until the position is filled. This role is expected to accept applications for a minimum of 5 business days.
• While the hiring process may vary, it generally includes: resume and application submission, recruiter phone/video screen, hiring manager interview, performance exercise such as live coding, a panel interview, a conversation with leadership and reference checks.

What We Offer
At College Board, we offer more than just a paycheck-we provide a meaningful career, a supportive team, and a comprehensive package designed to help you thrive. We're a self-sustaining nonprofit that believes in fair and competitive compensation, grounded in your qualifications, experience, impact, and the market.

A Thoughtful Approach to Compensation

• The hiring range for this role is $128,000-$139,000.
• Your exact salary will depend on your location, experience, and how your background compares to others in similar roles at the College Board.
• We aim to make our best offer upfront, rooted in fairness, transparency, and market data.
• We adjust salaries by location to ensure fairness, no matter where you live.
• You'll have open, transparent conversations about compensation, benefits, and what it's like to work at College Board throughout your hiring process. Check out our careers page for more.

#LI-MC1

#LI-Remote