Principal Advanced Threat Response Analyst
Role details
Job location
Tech stack
Job description
- Lead complex threat investigations involving APTs, ransomware, insider threats, and nation-state activity across enterprise and cloud environments.
- Drive proactive threat hunting programs focused on emerging TTPs, behavioral analytics, and detection gaps within EDR, SIEM, and network telemetry data.
- Develop and execute purple team exercises, simulating advanced adversarial tradecraft to assess detection and response capabilities.
- Collaborate with red teams and offensive security engineers to understand attacker tools, techniques, and procedures (TTPs) at a deep technical level and translate that understanding into effective detections.
- Perform incident command during major security events - leading multidisciplinary response teams, engaging executive stakeholders, and delivering after-action reports and strategic recommendations.
- Develop custom detections, playbooks, and automation in Splunk, Sentinel, or other platforms to improve time-to-detect and time-to-contain metrics.
- Mentor and coach junior analysts, hunters, and incident responders - fostering an environment of continuous learning and operational excellence.
- Contribute to threat intelligence initiatives, enriching internal intelligence feeds with context from ongoing investigations and external research.
- Collaborate with engineering and architecture teams to harden security controls across endpoint, network, and cloud layers.
- Conduct tabletop exercises and technical simulations to validate response readiness and identify process or technology gaps.
Requirements
At Hewlett Packard Enterprise (HPE), we are seeking a highly experienced and technically proficient Principal Advanced Threat response analyst to join our global security organization. The ideal candidate will have over a decade of hands-on experience in incident response, threat hunting, threat intelligence, digital forensics, malware analysis and incident management, with proven expertise in leading investigations into Advanced Persistent Threats (APT) and other complex, multi-stage intrusions, including widescale Ransomware attacks.
This role requires a blend of technical mastery, investigative acumen, and leadership capability. The candidate will drive proactive and reactive threat hunting efforts, lead critical incident response engagements, and develop both short-term containment and long-term remediation strategies to strengthen the organization's cyber defense and improve overall security posture., * 10+ years of experience in cybersecurity roles focused on incident response, threat hunting, digital forensics, threat intelligence, or SOC operations.
- Proven record of leading end-to-end investigations of advanced threat campaigns (APT) or other complex multi-vector attacks.
- Strong understanding of MITRE ATT&CK framework, adversary emulation, and kill chain analysis.
- Demonstrated expertise in both enterprise IT and cloud security (AWS, Azure, GCP) - from defensive and offensive perspectives.
- Working knowledge of red team / offensive security operations and the ability to deconstruct offensive tools (e.g., Cobalt Strike, Empire, Metasploit, Sliver, Mimikatz, other open-source OffSec tools) to detect their presence and behaviors.
- Deep knowledge of SIEMs (Splunk, Sentinel, ELK), EDR platforms (CrowdStrike, Carbon Black, Defender ATP), and forensics tools.
- Strong scripting or automation experience (Python, PowerShell, Bash) for hunting, enrichment, or data manipulation.
- Ability to design and facilitate purple team exercises and incident response tabletop simulations replicating advanced adversary techniques.
- Excellent communication and leadership skills; ability to brief executives, collaborate across functions, and guide junior team members.
Certifications
- Advanced SANS certifications such as GCFA, GREM, GCIA, GNFA, GCTI, GSEC, or GCIH.
- Offensive certifications such as OSCP, OSEP, OSED, or CRTO.
- Recognition from hands-on platforms (e.g., Hack The Box, Cyber Defenders, TryHackMe) demonstrating technical proficiency.
- Cloud security certifications (AWS Security Specialty, Azure Security Engineer, GCP Professional Cloud Security Engineer) are a plus.
Benefits & conditions
The expected salary/wage range for this position is provided below. Actual offer may vary from this range based upon geographic location, work experience, education/training, and/or skill level.
- United States of America: Annual Salary USD 120,500 - 276,500 in Texas The listed salary range reflects base salary. Variable incentives may also be offered.