Threat Engineer

Pluralsight
Draper, United States of America
4 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Shift work
Languages
English
Experience level
Senior
Compensation
$ 140K

Job location

Remote
Draper, United States of America

Tech stack

Microsoft Windows
Apple Mac Systems
JIRA
Cloud Engineering
Computer Security
Linux
DomainKeys Identified Mail (DKIM)
Domain-based Message Authentication, Reporting and Conformance (DMARC)
Domain Name System Security Extensions (DNSSEC)
DNS
Log Analysis
Open Web Application Security
Performance Tuning
Raw Data
Comptia Pentest+ CE
Web Applications
Software Security
Cyber Threat Analysis
Sender Policy Framework (SPF)
GWAPT

Job description

We are a lean, fast-paced organization where security is paramount, but engineering velocity is sacred. We are looking for a highly focused Threat Engineer to serve as the primary administrator for our enterprise CrowdStrike deployment, while simultaneously owning our external attack surface and threat intelligence operations.

In this role, you will act as the critical bridge between external threat landscapes and our internal engineering and infrastructure teams. Your absolute top priority will be administering and tuning CrowdStrike Falcon to protect our endpoints. Additionally, you will operate our incoming threat intelligence, manage our corporate domain portfolio, and triage our crowdsourced bug bounty program. Your job is to identify, validate, and neutralize external threats, using external intelligence to directly harden our internal CrowdStrike policies.

Who you're committed to being:

  • A Self-Starter with Radical Ownership: You don't wait for a ticket to tell you something is wrong. You hold the authority to detect gaps and resolve them.
  • A Technical Translator: You can interpret a complex exploit payload or an unprocessed intelligence report and convert it into actionable requirements for a developer.
  • A Balanced Pragmatist: You understand that "secure" shouldn't mean "slow." You strive to integrate security into the engineering workflow rather than obstructing it.
  • A Diligent Gatekeeper: You hold external vendors and researchers to a high standard, ensuring that every pentest and bug bounty report adds genuine value to our security posture.
  • Analytically Rigorous: You enjoy the "hunt", whether it's tracking down a typosquatted domain or reproducing a sophisticated OWASP Top 10 vulnerability.

What you'll do:

Threat Intelligence & Brand Protection

  • Daily Triage & Monitoring: Monitor our enterprise Threat Intelligence Platform (TIP) for high-fidelity alerts, credential exposures, and active exploitation of our tech stack.
  • Landscape Analysis: Analyze curated intelligence reports for emerging threat actors targeting our industry sector, translating raw data into proactive technical defenses inside CrowdStrike and our network perimeter.
  • Domain & Brand Administration: Serve as the primary administrator for our Enterprise Domain Management platform. Manage all corporate domain registrations, renewals, and DNS security records (DMARC, DKIM, SPF). Actively monitor for typosquatting and initiate takedowns when malicious intent is confirmed.
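
The SPF/DMARC record hygiene and typosquat monitoring named above are routine enough to script. The following Python is an added example, not code from this posting or from Pluralsight: it audits an SPF record and a DMARC record for the weaknesses a brand-protection owner looks for (softfail or `+all`, too many DNS-lookup terms, `p=none`, missing aggregate reporting) and enumerates common typosquat permutations to seed a watchlist. The TXT values in `SAMPLE_RECORDS` are constructed for a hypothetical domain, not real DNS data, and the function names and `HOMOGLYPHS` table are this example's own. DKIM is left out because checking it needs the selector-specific key record for each sending service.

```python
"""Sanity-check SPF and DMARC records and enumerate typosquat candidates.

Added example for the brand-protection duties above; not the posting's or
Pluralsight's code. Record values are constructed samples for a
hypothetical domain. In practice fetch them with a resolver (e.g.
dnspython) before checking.
"""
import re

# Constructed sample TXT records (hypothetical domain, not real data).
SAMPLE_RECORDS = {
    "example.com": "v=spf1 include:_spf.example.net include:mail.example.org ip4:203.0.113.0/24 ~all",
    "_dmarc.example.com": "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
}

# SPF terms that each cost a DNS lookup; RFC 7208 section 4.6.4 caps them at 10.
SPF_LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

# ASCII look-alike substitutions commonly seen in typosquats (example's own table).
HOMOGLYPHS = {"l": "1", "i": "l", "o": "0", "e": "3", "m": "rn", "w": "vv"}


def check_spf(record):
    """Return a list of findings for an SPF record string (empty = no issues)."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record (missing v=spf1)"]
    findings, lookups, all_qualifier = [], 0, None
    for term in terms[1:]:
        qualifier = term[0] if term[0] in "+-~?" else "+"
        # Mechanism name is everything before ':', '=' or '/', e.g. include:x -> include
        name = re.split(r"[:=/]", term.lstrip("+-~?"), maxsplit=1)[0].lower()
        if name in SPF_LOOKUP_TERMS:
            lookups += 1
        if name == "all":
            all_qualifier = qualifier
    if lookups > 10:
        findings.append(f"{lookups} DNS-lookup terms exceed the RFC 7208 limit of 10 (permerror)")
    if all_qualifier is None:
        findings.append("no 'all' mechanism: unlisted senders are treated as neutral")
    elif all_qualifier == "+":
        findings.append("'+all' authorises every sender; use -all")
    elif all_qualifier == "~":
        findings.append("'~all' is softfail; move to -all once DMARC reports show no gaps")
    return findings


def check_dmarc(record):
    """Return a list of findings for a DMARC record string (empty = no issues)."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        return ["not a DMARC record (missing v=DMARC1)"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append("missing or invalid p= tag; receivers ignore the record")
    elif policy == "none":
        findings.append("p=none is monitor-only; spoofed mail is still delivered")
    elif tags.get("pct", "100") != "100":
        findings.append(f"pct={tags['pct']} enforces the policy on only part of failing mail")
    if "rua" not in tags:
        findings.append("no rua= address: aggregate reports and sender visibility are lost")
    return findings


def typosquat_candidates(domain):
    """Return sorted permutations of a domain's first label: omission,
    adjacent transposition, repetition and ASCII homoglyphs. A production
    watchlist would add keyboard adjacency, IDN homoglyphs and TLD swaps."""
    label, _, rest = domain.partition(".")
    variants = set()
    for i, ch in enumerate(label):
        variants.add(label[:i] + label[i + 1:])            # omission
        variants.add(label[:i] + ch + ch + label[i + 1:])  # repetition
        if i + 1 < len(label):                             # transposition
            variants.add(label[:i] + label[i + 1] + ch + label[i + 2:])
        if ch in HOMOGLYPHS:                               # homoglyph
            variants.add(label[:i] + HOMOGLYPHS[ch] + label[i + 1:])
    variants.discard(label)
    return sorted(f"{v}.{rest}" for v in variants if v)


def audit_domain(domain, records):
    """Run all checks for one domain against a {record_name: txt_value} map."""
    return {
        "spf": check_spf(records.get(domain, "")),
        "dmarc": check_dmarc(records.get(f"_dmarc.{domain}", "")),
        "typosquats": typosquat_candidates(domain),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(audit_domain("example.com", SAMPLE_RECORDS), indent=2))
```

Run against the constructed records it flags the `~all` softfail and the `p=none` monitor-only policy, which is the usual starting state before a domain is moved to `-all` and `p=reject`; the typosquat list is the input you would feed to certificate-transparency or new-registration monitoring rather than something to resolve by hand.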

CrowdStrike Administration & Endpoint Defense

  • Platform Management: Serve as the primary owner and administrator for our enterprise CrowdStrike Falcon deployment. Ensure comprehensive sensor coverage, monitor host health, and troubleshoot deployment issues across diverse operating systems (Windows, macOS, Linux).
  • Policy Tuning: Continuously refine CrowdStrike prevention policies, IOCs, and exclusions based on incoming threat intelligence. Balance aggressive threat prevention with engineering velocity, actively minimizing false positives and developer friction.

Vulnerability Validation & Bug Bounty

  • Bug Bounty Triage: Manage our crowdsourced vulnerability disclosure program. Act as the first line of defense to triage, reproduce, and validate exploit reports (e.g., complex OWASP Top 10 payloads) submitted by external security researchers.
  • Developer Remediation: Translate validated vulnerability reports into actionable, context-rich Jira tickets for engineering teams. Ensure remediation aligns with our internal SLAs and risk profile.

Incident Response & Operations

  • Incident Handling: Lead investigations for escalated threat intelligence and CrowdStrike endpoint security alerts. You will execute the formal SANS incident response process (preparation, identification, containment, eradication, recovery, and lessons learned) for each critical alert.
  • On-Call Rotation: Participate in a scheduled, shared on-call rotation to provide off-hours triage and containment for high-severity security events.

Requirements

  • Operational Autonomy: Works on problems of diverse scope where analysis of information requires evaluation of identifiable factors. Devises solutions based on limited information and precedent and adapts existing approaches to resolve issues. Uses evaluation, judgment, and interpretation to select the right course of action. Work is done independently and is reviewed at critical points.
  • CrowdStrike Expertise: Deep, hands-on experience administering, tuning, and deploying CrowdStrike Falcon in an enterprise environment. You must know how to navigate the console, build custom IOAs, and utilize Falcon Insight (Real Time Response).
  • Incident Response: Proven experience participating in an incident response lifecycle, performing log analysis, and containing live threats in a cloud-native or hybrid environment.
  • Vulnerability Validation: Proven experience manually validating web application and cloud vulnerabilities to effectively triage bug bounty submissions.
  • Brand & Domain Management: Experience managing corporate domain portfolios, DNS configurations, and digital brand protection strategies.
  • Preferred certifications: Endpoint & Response: CrowdStrike Certified Falcon Administrator (CCFA), CrowdStrike Certified Falcon Responder (CCFR), or GIAC Certified Incident Handler (GCIH). Threat Intelligence & Defense: GIAC Cyber Threat Intelligence (GCTI), CompTIA Cybersecurity Analyst (CySA+/SecurityX). Offensive Security & AppSec: GIAC Web Application Penetration Tester (GWAPT), Offensive Security Certified Professional (OSCP), or CompTIA PenTest+.
  • Experience: Requires 5+ years of related or equivalent experience within security operations, threat intelligence, or product security; or 3+ years with an advanced degree.
  • Pentest Vendor Review: Ability to critically review third-party pentest reports to ensure vendor quality and accuracy.
  • Vendor & Remediation Coordination: Strong organizational discipline to manage external testing vendors, audit contractor workflows, and drive cross-functional remediation efforts without requiring direct authority.
  • Location: This is a remote role; however, applicants located within 45 miles of our Westlake/Dallas, TX office should expect to work on-site Tuesday through Thursday, with remote flexibility on Mondays and Fridays. This approach enables more effective collaboration, quicker decision-making, and a stronger culture, while still providing flexibility.

Benefits & conditions

  • We work in a blended environment that supports collaboration, flexibility, and connection across teams.
  • We are mission-driven, shaping the future of tech upskilling and delivering impact that matters.
  • We foster a culture of inclusion and belonging, where everyone can contribute and thrive.
  • We are always learning, creating an environment where you can take on new challenges, expand your skills, and grow with purpose.
  • Benefits include competitive compensation, bonus eligibility, comprehensive medical coverage, unlimited PTO, wellness reimbursement, professional development funds, and more.
  • The annual US base salary range for this role is $106,400 - $140,000 USD. Actual compensation will depend on location, skills, experience, and other factors. Additional benefits and bonuses may apply.

About the company

Pluralsight provides the only learning platform dedicated to accelerating the technology skills and capabilities of today's tech workforce. Thousands of companies, government organizations and individuals around the world rely on Pluralsight to support critical technology skill development in areas that are crucial to innovation including artificial intelligence, cloud computing, cybersecurity, software development, and machine learning. We offer highly curated content developed by vetted technology experts, industry leading skill assessments, and hands on, immersive learning experiences designed to help individuals skill-up faster.

Apply for this position