RSM US

Senior Threat Hunter

$85K — $161K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 5+ years in SOC, threat hunting, or incident response experience.
  • Proven ability to lead complex investigations and communicate findings effectively.
  • Hands-on experience with SIEM/EDR/XDR tools and detection tuning (KQL/SPL/Sigma).
  • Strong understanding of the incident response lifecycle and root cause analysis.

Responsibilities

  • Lead complex security investigations across various telemetry sources.
  • Perform root cause analysis using MITRE ATT&CK mapping.
  • Serve as the technical liaison during escalated incidents, presenting findings and remediation steps.
  • Create After-Action Reports to enhance tools and workflows.
  • Collaborate with Detection Engineering on detection content development and validation.
  • Leverage SOAR platforms for automating security processes and improving efficiency.
  • Utilize AI tools for case triage and enhance detection workflows.

Benefits

  • Flexible work schedule to balance personal and professional life.
  • Opportunities for professional growth and development within the SOC team.
  • Access to a wide range of healthcare and wellness programs.
  • Participation in bonus programs based on performance.
  • Supportive work environment encouraging collaboration and knowledge sharing.
Full Job Description
As a Senior Threat Hunter/SOC Analyst within RSM Defense, you own high-severity security investigations and help guide the SOC's technical direction across a growing managed security services environment supporting diverse client organizations. You will lead end-to-end incident analysis, validate adversary behavior, and translate evidence into clear containment and remediation guidance tailored to each client's environment and risk context. You will also influence detection engineering and response automation by identifying content gaps, validating improvements against live telemetry, and converting operational lessons learned into durable, repeatable change.

The SOC operates on an integrated detection and response model across endpoint, identity, cloud, and network telemetry, supported by AI-assisted analysis and automation to reduce repetitive triage and maximize analyst focus on complex tradecraft, proactive improvements, and mentorship.

Key Responsibilities:

Advanced Investigation, Incident Handling & Incident Response
  • Lead complex, high-severity investigations across endpoint, network, cloud, and identity telemetry.
  • Perform root cause analysis and reconstruct incident timelines using aligned MITRE ATT&CK mapping.
  • Serve as the primary technical liaison during escalated incidents, delivering clear findings and remediation steps to internal leadership and clients.
  • Drive the creation of After-Action Reports (AARs) and lessons learned to improve tooling, detections, and workflow performance.


Detection Engineering & Content Support
  • Identify detection gaps and collaborate with Detection Engineering to develop, refine, and tune detection content across relevant telemetry sources.
  • Validate new detections before SOC deployment and provide measurable feedback based on production telemetry.


SOAR Automation & Workflow Optimization
  • Leverage SOAR platforms to automate enrichment, triage, and response actions.
  • Identify repetitive patterns ideal for automation and propose workflow enhancements to reduce MTTR.
  • Validate automation logic prior to production rollout and ensure alignment with SOC escalation policies.
  • Collaborate with engineering teams to incorporate additional enrichment sources, threat intel lookups, and AI-driven analysis steps.


AI, Machine Learning & Prompt Engineering
  • Utilize AI copilots, enrichment agents, and LLM-based analysis tools to support case triage, enrichment, and investigation.
  • Develop, optimize, and maintain prompt templates for SOC use cases (enrichment summaries, detection validation, log interpretation, hypothesis generation).
  • Evaluate the accuracy and reliability of AI-generated outputs and implement QA steps to avoid hallucinations or misleading results.
  • Identify opportunities to integrate AI agents into detection, triage, and response workflows, improving analyst speed and consistency.
  • Provide feedback to engineering teams on model behavior, content gaps, and automation integration opportunities.


Threat Hunting & Proactive Analysis
  • Support hypothesis-driven and intelligence-led hunts by validating findings, artifacts, and suspicious patterns.
  • Recommend new hunts based on emerging TTPs, anomalous case trends, or telemetry gaps discovered during investigations.
  • Ensure hunt findings translate into new detections, enhanced content, or instrumentation improvements.


Leadership, Mentoring & Team Development
  • Mentor junior analysts on investigation techniques, tooling proficiency, case documentation, and proper analytical depth.
  • Conduct quality reviews of Tier 1/2 case handling and provide constructive feedback.
  • Contribute to training guides, runbooks, knowledge bases, and onboarding materials.
  • Lead technical briefings, internal workshops, and knowledge-sharing sessions across SOC teams.


Reporting & Continuous Improvement
  • Produce clear, concise, and accurate technical reports, incident summaries, and executive-friendly communications.
  • Identify inefficiencies and propose enhancements in monitoring, detection logic, processes, and analyst training.


Required Qualifications:
  • 5+ years in SOC / detection engineering / threat hunting / incident response (or equivalent depth)
  • Demonstrated experience leading complex investigations and communicating findings to both technical and non-technical stakeholders
  • Hands-on SIEM/EDR/XDR investigation experience and comfort writing or tuning detections (KQL/SPL/Sigma or similar)
  • Strong working knowledge of incident response lifecycle and evidence-driven root cause analysis


Preferred Qualifications:
  • Certifications such as GCIH, GCFA, GCDA, or similar.
  • Experience with Elastic, Splunk, or other search-based platforms.
  • Knowledge of the MITRE ATT&CK framework.
  • Exposure to scripting languages for automation and enrichment.


Key Attributes:
  • Curious and detail-oriented with a passion for proactive defense.
  • Able to work independently or collaboratively in high-paced environments.
  • Strong written and verbal communication skills.
  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field.


This role provides a hands-on opportunity to engage in proactive threat detection and response activities and contribute directly to the maturity and effectiveness of the SOC's security posture.

At RSM, we offer a competitive benefits and compensation package for all our people. We offer flexibility in your schedule, empowering you to balance life's demands, while also maintaining your ability to serve clients. Learn more about our total rewards at https://rsmus.com/careers/working-at-rsm/benefits.

At RSM, an employee's pay at any point in their career is intended to reflect their experiences, performance, and skills for their current role. The salary range (or starting rate for interns and associates) for this role represents numerous factors considered in the hiring decisions including, but not limited to, education, skills, work experience, certifications, location, etc. As such, pay for the successful candidate(s) could fall anywhere within the stated range.

Compensation Range: $85,100 - $161,700

Individuals selected for this role will be eligible for a discretionary bonus based on firm and individual performance.

About RSM US

RSM US is a leading provider of audit, tax, and consulting services to middle market companies in the United States. The company is headquartered in Chicago, Illinois and has more than 90 offices across the country. RSM US is a member of the RSM International network, which is the sixth largest network of independent audit, tax, and consulting firms in the world. The company's services include audit and assurance, tax, consulting, risk advisory, transaction advisory, and wealth management. RSM US serves clients in a variety of industries, including healthcare, financial services, manufacturing, real estate, and technology.
Size: 13,000 employees