Cyber Threat Management Analyst, Specialist

Leads advanced, proactive threat hunting across the enterprise, leveraging adversary emulation, threat intelligence, and analytics to uncover hidden threats, close detection gaps, and operationalize improvements across detection engineering, incident response, and purple team functions. Global Risk and Security (GR&S) at Vanguard enables business strategy, protects client and Vanguard interests (e.g., assets and data), and stewards a strong risk culture. Our teams leverage enterprise-wide insights, deep expertise, and trusted advice so that Vanguard leaders and crew drive faster, stronger, risk‑informed decisions. Within GR&S, the Enterprise Security and Fraud (ES&F) sub‑division is responsible for the global protection of Vanguard crew, property, data, and client assets. We are trusted advisors that protect the pride of Vanguard with state‑of‑the‑art security and fraud capabilities. We are a world‑class destination of highly engaged, passionate, and diverse talent expected to continuously learn and develop in an ever‑changing security landscape. Our crew are our greatest resource – by joining our team you will build collaborative long‑term relationships and enjoy a suite of benefits that includes comprehensive health and wellness care, work‑life balance, and an investment in your future at its core. Core Responsibilities Lead proactive threat hunting operations across enterprise environments, including adversary emulations, live hunts, and investigative assessments. Identify anomalous behaviors and translate findings into actionable detections. Apply hypothesis‑driven hunting methodologies, leveraging threat intelligence, behavioral analytics, and the MITRE ATT&CK framework to identify gaps in detection and control coverage. Analyze telemetry across the enterprise security stack (endpoint, network, identity, cloud, email, SIEM/XDR) and pivot across datasets to identify advanced threats and hidden attacker activity. Identify and validate adversary techniques, mapping observed activity to ATT&CK and informing improvements to detection logic, alerting, and response workflows. Enhance detection engineering efforts by developing, tuning, and validating rules, analytics, and behavioral detections based on hunt findings and adversary simulations. Leverage scripting and automation (e.g., Python, PowerShell, KQL, SQL) to scale threat hunting activities, enrich data, and improve investigative efficiency. Utilize advanced analytics and AI‑assisted techniques to accelerate the identification of suspicious or malicious activity. Collaborate across CSOC and engineering teams to validate findings, operationalize detections, and strengthen defensive capabilities. Produce clear and actionable reporting, including hunt reports, detection gap analyses, and executive summaries that translate technical findings into business risk and recommended actions. Support incident response when required, providing deep investigative expertise, threat context, and rapid escalation of critical findings. Mentor and guide team members, sharing threat hunting methodologies, tooling expertise, and investigative techniques to improve overall team capability and maturity. Continuously evaluate and improve hunt processes, tooling, and methodologies to advance threat hunting maturity and operational effectiveness. Qualifications Preferred 3 - 5 years of experience in threat hunting, detection engineering, incident response, or security operations. Strong understanding of threat actor tactics, techniques, and procedures (TTPs) and modern attack methodologies. Hands‑on experience with enterprise telemetry and security platforms (EDR, SIEM, network monitoring, cloud security tools). Proven application of the MITRE ATT&CK framework for threat detection, gap analysis, and adversary mapping. Proficiency in scripting and query languages (Python, PowerShell, KQL, SQL, or equivalent). Experience with data analysis and large‑scale investigation workflows. Strong written and verbal communication skills, with the ability to translate technical findings into business‑relevant risk. Experience working in cross‑functional security teams (SOC, IR, Threat Intelligence, Detection Engineering). Relevant certifications (e.g., CISSP, GCFA, GCIH, GCDA, or equivalent) preferred. Sponsorship Vanguard is not offering visa sponsorship for this position. #J-18808-Ljbffr Vanguard