The Senior Information Security Engineer (Threat Hunt) proactively hunts for and validates adversary activity across endpoint, identity, network, cloud, and application telemetry, and supports high-severity incident investigations to determine scope and impact. Translates successful hunts and threat intelligence into scalable detections and monitoring (e.g., SIEM/XDR correlation rules, alert logic, scheduled queries, and dashboards) and continuously tunes them to reduce noise while improving coverage. Leverages automation and Artificial Intelligence platforms to accelerate hunt development, enrich investigative context, prioritize high-value leads, and improve the efficiency and scale of threat hunting workflows. Applies deep knowledge of attacker tradecraft and TTPs across the cyber kill chain, including IOC management, tracking, and hypothesis-driven hunting. Success in the role requires strong data and automation skills (e.g., KQL/Splunk SPL/Yara-L plus PowerShell/Python) and hands-on experience with platforms such as Microsoft Sentinel and Microsoft Defender XDR or comparable SIEM/XDR tools. Partners closely with incident response, detection engineering, security testing (purple teaming/adversary emulation), vulnerability management, and threat intelligence to communicate clear findings, risk, confidence, and recommended next steps and drive work to closure. This role participates in security operations on-call rotations and periodic incident-handler rotations to support active investigations and maintain response readiness. Work may occasionally require after-hours engagement during high-severity incidents or vulnerability response activities.
The incumbent also assists system users relative to information systems security matters and undertakes complex projects requiring additional specialized technical knowledge. Specifically, the Information Security Senior Engineer is knowledgeable, proficient, and experienced in:
• Working with business partners within the department to achieve organizational and OIS goals
• Developing required competencies by mastering fundamental tasks
• Independently analyzing technology security posture and appropriate use of security defenses
• Matching technical solutions with business requirements and then designing and implementing them;
• Self-directed software development, testing, support/problem solving, and overall technology administration;
• Organizational procedures such as the system development life-cycle;
• Use of defensive measures and information to identify, analyze and report security events;
• Researching and understanding pertinent information technology laws, policies and procedures
• Establishing timelines and delivery of requirements
• Applying IT-related laws and policies, and providing IT-related guidance throughout the software acquisition lifecycle
• Collecting and analyzing information to identify vulnerabilities and potential for exploitation
• Managing and administering processes and tools that enable the organization to identify, document, and access intellectual capital and information content
• Executing duties governing hardware, software, and information system acquisition programs and other program management policies with minimal support
This is a hybrid position and incumbent must live within 100 miles of a Mayo Clinic campus.
Mayo Clinic will not sponsor or transfer visas for this position including F1 OPT STEM.