Senior Engineer - Threat Hunting

Building trusted markets —powered by our people.

At Cboe, we inspire our people to solve complex challenges together because what we do matters. We provide the financial infrastructure that powers the global economy. As a leading provider of market infrastructure and tradable products, Cboe delivers cutting-edge trading, clearing and investment solutions to market participants around the world.

We’re building inclusive ways to support professional and personal development while strengthening the trust we’ve earned as a global market leader. Our teams are empowered to share ideas, actively pursue them and bring on a challenge. As champions of internal mobility and access to opportunity, we encourage our people to “go for it” and equip our managers with the training to coach their teams to the next level. Our Associate Resource Groups champion diversity, equity and inclusion, giving associates a safe space to network, share ideas and create opportunities.

The Senior Engineer Threat Hunting will be a senior individual contributor within Cboe’s Security Operations organization, responsible for defining, advancing, and executing the enterprise approach to detection engineering, threat hunting, and adversary emulation. This role focuses on building and maturing detection capabilities across platforms such as SIEM, EDR, identity, cloud, and SaaS environments, ensuring detections are resilient, scalable, and aligned to real‑world adversary behavior. The Senior Engineer Threat Hunting will lead complex, hypothesis‑driven threat hunts, partner closely with stakeholders to design and execute adversary emulation scenarios, and translate findings into durable detections, improved telemetry, and architectural enhancements. This individual will also serve as a technical lead during the most complex or high‑severity security incidents, shaping investigative approach and long‑term defensive improvements.

In this role you’ll be responsible for:

• Owning the enterprise detection engineering capability end‑to‑end, including standards, patterns, quality bars, and long‑term technical direction
• Designing, implementing, and reviewing high‑fidelity detections across endpoint, identity, cloud, network, and SaaS environments
• Leading complex, hypothesis‑driven threat hunts that address ambiguous, cross‑organizational risk and novel attacker behavior
• Translating threat hunting outcomes into robust detections, improved telemetry, or architectural changes rather than one‑off findings
• Partnering with internal stakeholders to design and execute adversary emulation scenarios that validate real‑world detection and response effectiveness
• Identifying systemic detection and response gaps and driving remediation across engineering, operations, and architecture teams
• Acting as the technical lead during highest‑severity incidents, guiding investigative approach and defensive improvements
• Influencing security strategy, roadmaps, and investment decisions by translating technical findings into business and risk context
• Provide expert recommendations and best practices to security managers, technical managers, and stakeholders including legal and regulatory teams.
• Mentoring senior engineers and analysts and setting the technical bar for excellence across detection, hunting, and adversary emulation
• Stay current with industry trends, security standards, and best practices to ensure our systems remain secure against evolving threats.

The ideal candidate has:

• 5-8+ years of experience in cybersecurity operations, detection engineering, threat hunting, or offensive security
• Deep expertise in attacker tradecraft, adversary behaviors, and defensive detection techniques across multiple domains
• Strong hands‑on experience with SIEM, EDR, cloud security platforms, and large‑scale log analytics (Google SecOps, Defender XDR, Crowdstrike)
• A proven ability to solve ambiguous, systemic, cross‑organizational security problems with minimal direction
• Experience balancing hands‑on execution with strategic influence, knowing when to build directly and when to enable others
• The ability to operate with near‑complete autonomy, setting technical direction rather than receiving it
• Strong communication skills, including the ability to explain complex technical risk to senior security and technology leaders
• Bachelor’s degree or equivalent practical experience
• Proficiency in scripting and automation for security operations.

You’ll really stand out with:

• Bachelor's Degree in Cybersecurity or Computer Science
• System Administration experience in Windows or Linux
• Proven ability to script and automate tasks
• Specific experience with Google Secops SIEM, the Microsoft Security Stack, or ProofPoint Email Security Services
• CISSP, CASP or other related security certifications

#LI-CP2

This position is not eligible for visa sponsorship. Candidates must be legally authorized to work in the United States without the need for employer sponsorship now or in the future.

Salary Ranges (applicable for US locations only)

This role may also be eligible for annual incentive compensation and, where applicable, participation in Cboe's long-term equity programs.

Additional information about Cboe's total rewards program, including benefits and other compensation components, can be found here: Total Rewards at CBOE.​
 

Any communication from Cboe regarding this position will only come from a Cboe recruiter who has a @cboe.com email or via LinkedIn Recruiter. Cboe does not use any other third party communication tools for recruiting purposes.