Lead, Cyber Defense & Response

Job Classification:

Technology - Information Security

Are you interested in building capabilities that enable the organization with innovation, speed, agility, scalability and efficiency? The Global Technology team takes great pride in our culture where digital transformation is built into our DNA! When you join our organization at Prudential, you’ll unlock an exciting and impactful career – all while growing your skills and advancing your profession at one of the world’s leading financial services institutions.

Your Team & Role

The Threat Hunting Lead will report to the Director of Threat Hunting and will serve as a senior technical lead and driver for proactive threat hunting operations across on-prem and cloud environments. This role is responsible for leading complex hunts end-to-end (hypothesis development, telemetry validation, analytic execution, and operationalization), mentoring other hunters, and partnering closely with Cyber Threat Intelligence, Incident Response and Detection Engineering, and improving enterprise detection, response readiness, and visibility.

Here is What You Can Expect on a Typical Day

• Lead proactive threat hunts across enterprise environments (on-prem and cloud), including Active Directory/Entra, M365, Azure, AWS, endpoints, identity, network, and application telemetry.
• Develop and refine hunt hypotheses based on emerging threats, adversary TTPs, vulnerability exploitation trends, and internal detections/incident learnings; map activity to frameworks such as MITRE ATT&CK and the Cyber Kill Chain.
• Execute advanced investigations and log analytics using SIEM/XDR platforms; leverage Splunk SPL and Microsoft KQL to identify suspicious patterns, perform pivoting, and validate attack paths.
• Operationalize outcomes by translating hunt findings into durable defensive improvements: candidate detections/use-cases, analytic content, prioritized telemetry gaps, and actionable response guidance for IR/CSOC.
• Partner with Cyber Threat Intelligence to convert intelligence into environment-specific hunting plans, tracking, and measurable coverage (e.g., techniques, telemetry sources, and control validations).
• Partner with Detection Engineering to develop, test, and tune detection logic, including supporting documentation, test cases, and validation against realistic adversary behaviors.
• Drive visibility and resiliency improvements by identifying logging and data quality deficiencies, prioritizing remediation with stakeholders, and validating that required telemetry is consistently available.
• Provide technical leadership and coaching to threat hunting staff, including reviewing analytic approaches, promoting repeatable methodologies, and uplifting standards for documentation and knowledge sharing.
• Communicate clearly to stakeholders by producing concise executive summaries and detailed technical write-ups, brief leadership and technical partners on risk, scope, and recommended actions.
• Support incident response as needed by performing adjacency and scoping hunts during active incidents to prevent under-scoping and to identify persistence, lateral movement, and follow-on activity.
• Contribute to program maturity by improving playbooks, workflows, metrics, and reporting for threat hunting operations (e.g., coverage progress, outcomes, and time-to-insight).

The Skills & Expertise You Bring

• 5+ years of experience in cyber threat hunting, incident response, detection engineering, or security operations in large enterprise environments.
• Demonstrated experience conducting investigations across endpoint, identity, network, and cloud telemetry in complex environments.
• Strong proficiency with at least one major SIEM/XDR ecosystem and advanced query authoring; hands-on experience with Splunk SPL and/or Microsoft KQL strongly preferred.
• Working knowledge of attacker tradecraft, including credential access, persistence, lateral movement, defense evasion, command-and-control, and data exfiltration techniques.
• Strong understanding of adversarial frameworks including MITRE ATT&CK and Lockheed Martin’s Cyber Kill Chain, and ability to apply them to analytic development and hunting.
• Experience designing or improving hunt programs, including workflow/process, metrics, reporting, and knowledge management.
• Industry Standard certifications (one or more), such as:
• GIAC GCIA, GMON, GX-IA, GCED, GX-CX, GCIH, GCFE, GCFA, GEIR, GCFR, GNFA, GCTI, GCTD, GCFR, GCPN, GPEN, GXPN
• Microsoft SC-200, AZ-500
• CompTIA Cybersecurity Analyst (CySA+)