Job Summary This role supports Walgreens’ Threat Detection and Response function, focusing on investigating and responding to security incidents across the enterprise. As a senior-level individual contributor, you will serve as an escalation point, owning incidents end to end from triage through root cause analysis and remediation. Requiring hands-on expertise, strong judgment, and the ability to operate independently. You will build detection capabilities, proactively hunt for threats, and improve response effectiveness through automation. This work spans hybrid infrastructure, applications, and enterprise systems, using log analysis, behavioral signals, and threat intelligence to identify and mitigate risk.
Key responsibilities include:
Designing and implementing detection across enterprise environments
Developing automation to improve detection and response efficiency
Leading incident response efforts and driving investigations to resolution
Partnering with cross-functional teams to improve logging, telemetry, and observability
Conducting proactive threat hunting and operationalizing findings into detections
Mentoring team members and contributing to overall team capability
Success in this role requires the ability to operate effectively in ambiguous situations, take ownership of work, and independently drive outcomes. The ideal candidate is comfortable navigating complex environments, identifying gaps, and developing solutions that strengthen the organization’s security posture.
Location Requirement: This is a hybrid role based in Deerfield, IL (Walgreens Corporate Office), with 4 days onsite and 1 day remote.
Work Authorization: Work visa sponsorship is not available for this role.
Job Responsibilities:
Monitors, identifies, investigates and analyzes all response activities related to cybersecurity incidents within the organization that require broad expertise or unique knowledge.
Identifies security flaws and vulnerabilities; responds to cybersecurity incidents, conducts threat analysis as directed and addresses detected incidents.
Evaluates event flows to identify common to advanced risks and vulnerabilities to develop and implement solutions.
Provides assistance in monitoring the security of all designated networks and systems.
May prepare detailed incident reports and technical briefs for the IT security team. May present issues to team
This role works on significant and unique issues where analysis of situations or data requires an evaluation of intangibles. Exercises independent judgment in methods, techniques and evaluation criteria for obtaining results.
Assists with security audits, risk analysis, network forensics and penetration testing.
Creates formal networks involving coordination among groups.
May indirectly supervise other Specialists.
Provides subject matter expertise and insight to clients about industry attack trends and defenses by developing and maintaining deep awareness and understanding of evolving threats, adversaries and intrusion trends. Provides subject matter expertise to less experienced team members. May participate in teaching and training members of the work team.
About Walgreens Founded in 1901, Walgreens (www.walgreens.com) has a storied heritage of caring for communities for generations and proudly serves nearly 9 million customers and patients each day across its approximately 8,500 stores throughout the U.S. and Puerto Rico, and leading omni channel platforms. Walgreens has approximately 220,000 team members, including nearly 90,000 healthcare service providers, and is committed to being the first choice for retail pharmacy and health services, building trusted relationships that create healthier futures for customers, patients, team members and communities.
Basic Qualifications
Bachelor’s degree and at least 4 years of Information/Cyber Security experience OR a High School Diploma/GED and at least 7 years of experience in Information/Cyber Security
At least 3 years of Cyber Security experience in at least three of the following: Active threat hunting (open source or commercial tooling), Intrusion analysis, Managed or enterprise information security services, Incident response, Endpoint forensics (Windows, MAC, or Linux), Malware analysis, Penetration testing, Network defense, Threat hunting, Information security consulting
Experience establishing & maintaining relationships with individuals at all levels of the organization, in the business community & with vendors.
Experience using time management skills such as prioritizing/organizing and tracking details and meeting deadlines of multiple projects with varying completion dates
Experience analyzing and reporting data in order to identify issues, trends, or exceptions to drive improvement of results and find solutions.
Willing to travel up to/at least 10% of the time for business purposes (within state and out of state).
Experience building and tuning detection logic (rules, alerts, behavioral analytics) across hybrid environments using SIEM platforms such as Splunk or Microsoft Sentinel
Experience automating workflows, including converting manual playbooks into code using Python or similar languages
Strong understanding of attacker TTPs, threat hunting methodologies, and malware analysis techniques to inform detection engineering and response operations
Experience mentoring and developing junior team members through knowledge sharing, training programs, and tabletop exercises
GCIH, GCTI, GCFA, GCDA, GCED, CISSP, CISM, CySA+, or equivalent industry certification
Additional Preferred Experience:
Cloud security monitoring and investigations across IaaS, PaaS, and SaaS environments
Familiarity with containerized, serverless, or microservices architectures and their unique detection challenges
Experience with distributed systems observability, telemetry pipelines, and large-scale log analysis
Leadership & Behavioral Attributes:
Maintains composure and sound decision-making under pressure, including during active incidents and ambiguous scenarios
Operates with independence and ownership, driving work through resolution
Identifies gaps in detection coverage, processes, or tooling and proactively drives improvements
Communicates technical findings clearly to technical and non-technical audiences
Fosters a culture of continuous improvement through retrospectives, documentation, and knowledge sharing
Builds trusted relationships across security, engineering, and business teams to enable effective cross-functional incident response
We will consider employment of qualified applicants with arrest and conviction records.
