Security Engineer II Threat Hunter
Share by Email Share on LinkedIn Share on X Share on Facebook Careers Search Jobs
Security Engineer II Threat Hunter Apply
Req. Number: 25005577 Posted Date: 172026
Our values start with our people. Join a team that values you. Bring your talents to Ross, our leading off-price retail chain with over 2200 stores and a strong track record of success and growth. Our focus has always been bringing our customers a constant stream of high-quality brands and on-trend merchandise at extraordinary savings. All while providing a fun and exciting treasure hunt experience.
As part of our team, you will experience:
Success. Our winning team pursues excellence while learning and evolving. Career growth. We develop industry-leading talent because Ross grows when our people grow. Teamwork. We work together to solve the hard problems and find the right solution.
Our commitment to Diversity, Equality & Inclusion and our community. We celebrate the backgrounds, identities, and ideas of those who work and shop with us because our differences make us stronger. We strive to be a positive force in our community.
Our Corporate headquarters are in Dublin, CA. We have 3 buying offices in key markets in New York City, Los Angeles, and Boston, and 8 distribution centers nationwide. With 2023 revenues of $20.4 billion, we are a Fortune 500 company who is committed to providing an inclusive work environment with continuous learning opportunities and development for our teams.
GENERAL PURPOSE
The Security Engineer II position is responsible for proactive threat hunting and cyber threat intelligence analysis to identify emerging threats, mitigate risks, and strengthen the organizations overall security posture. This role requires advanced technical expertise in cybersecurity tools, threat detection technologies, and Cyber threat intelligence analysis.
The associate will collect, analyze, and disseminate cyber threat intelligence leveraging data from OSINT (Open-Source Intelligence), Threat Intelligence platforms, and other sources, including SIEM and endpoint detection systems, to detect advanced persistent threats (APTs), malware, and other malicious activities.
The position also requires experience working in complex environments, applying structured analysis processes, and collaborating with cross-functional teams to ensure the effective identification and mitigation of cyber threats.
BASE SALARY RANGE
The base salary range for this role is $108,800 - $204,550. The base salary range is dependent on factors including but not limited to experience, skills, qualifications, relevant education, certifications, seniority, and location. The range listed is just one component of the total compensation package for employees. Other rewards vary by position and location.
ESSENTIAL FUNCTIONS
• Proactively hunt for advanced persistent threats (APTs), malware, and other malicious activities across networks, systems, and applications. Identify hidden threats that evade traditional security measures. • Synthesize large volumes of data from multiple sources to develop clear actionable intelligence. Create detailed threat intelligence reports for technical teams and senior leadership. • Proactively hunt for advanced persistent threats (APTs), malware, and other malicious activities across networks, systems, and applications. Identify hidden threats that evade traditional security measures. • Create, optimize, and automate detection rules and enrichment logic using scripting languages like Python and SQL. • Respond to escalation requests either via the Helpdesk, NOC, junior analysts, or other IT representatives. • Contribute to the monthly Cyber Defense dashboard with relevant performance indicators and security threat assessments. • Develop and implement automated workflows and playbooks to streamline threat detection analysis and response processes, ensuring quick and effective mitigation of identified threats. • Mapping adversary behaviors using the MITRE ATT&CK framework to understand attack vectors and predict potential threats. • 24x7 on-call duties apply on rotation and escalation
COMPETENCIES
People:
• Building Effective Teams • Developing Talent • Collaboration and Self • Leading by Example • Communicates Effectively • Ensures Accountability and Execution • Manages Conflict
Business:
• Business Acumen • Plans Aligns and Prioritizes • Organizational Agility
With particular emphasis on the following specific position-related competencies:
• Analysis and Judgment • Drive for Results • Technical Competence • Interpersonal Effectiveness
QUALIFICATIONS AND SPECIAL SKILLS REQUIRED
• Minimum of 8 years of experience in cybersecurity with at least 5 years focused on threat intelligence analysis and cyber threat hunting. • Proven experience leading or mentoring CTI analysts. • Strong expertise in threat intelligence platforms, TIPs, SIEM tools, and endpoint detection technologies. • Proficiency in collecting, analyzing, and disseminating threat intelligence from OSINT, internal sources, and commercial threat feeds. • Hands-on experience with automated workflows, playbook development, and advanced threat hunting techniques. • Deep understanding of attack methodologies, APTs, malware, ransomware, and other cyber threats. • Familiarity with the MITRE ATT&CK framework and indicators of compromise (IoCs). • Ability to synthesize complex data and produce actionable, clear intelligence for both technical and non-technical audiences. • Strong communication skills for reporting and briefing leadership on emerging threats. • Security certifications such as CISSP, GCTI, or equivalent are highly preferred. • Experience working in large enterprise environments with complex infrastructures and multiple overlapping tools. • Excellent reporting and communication skills with the ability to present technical findings to varied audiences. • Proficiency in scripting languages such as Python and SQL for data analysis and automation. • Knowledge of STIX/TAXII protocols for automated sharing and ingestion of structured threat intelligence data across systems. • Strong understanding of dark web marketplaces, threat actor infrastructures, ransomware groups, and emerging cybercriminal tactics, techniques, and procedures (TTPs).
PHYSICAL REQUIREMENTS
ADA
Job requires ability to work in an office environment primarily on a computer. Requires sitting, standing, walking, hearing, talking on the telephone, attending in-person meetings, typing, and working with paper files, etc. Consistent timeliness and regular attendance. Vision requirements: Ability to see information in print and/or electronically.
This position may be performed remotely anywhere within the United States.
SUPERVISORY RESPONSIBILITIES
NADISCLAIMER
This job description is a summary of the primary duties and responsibilities of the job and position. It is not intended to be a comprehensive or all-inclusive listing of duties and responsibilities. Contents are subject to change at managements discretion.
Ross is an equal employment opportunity employer. We consider individuals for employment or promotion according to their skills, abilities, and experience. We believe that it is an essential part of the Companys overall commitment to attract, hire, and develop a strong, talented, and diverse workforce. Ross is committed to complying with all applicable laws prohibiting discrimination based on race, color, religious creed, age, national origin, ancestry, physical, mental, or developmental disability, sex (including pregnancy, childbirth, breastfeeding, and medical conditions related to pregnancy, childbirth, or breastfeeding), veteran status, military status, marital or registered domestic partnership status, medical condition, including cancer or genetic characteristics, genetic information, gender, gender identity, gender expression, sexual orientation, as well as any other category protected by federal, state, or local laws.