Cyber Threat Management Analyst, Specialist
Global Risk and Security (GR&S) at Vanguard enables business strategy, protects client and Vanguard interests (e.g., assets and data), and stewards a strong risk culture. Our teams leverage enterprise-wide insights, deep expertise, and trusted advice so that Vanguard leaders and crew drive faster, stronger, risk-informed decisions.
Within GR&S, the Enterprise Security and Fraud (ES&F) sub-division is responsible for the global protection of Vanguard crew, property, data, and client assets. We are trusted advisors that protect the pride of Vanguard with state-of-the-art security and fraud capabilities. We are a world-class destination of highly engaged, passionate, and diverse talent expected to continuously learn and develop in an ever-changing security landscape.
Our crew are our greatest resource - by joining our team you will build collaborative long-term relationships and enjoy a suite of benefits that includes comprehensive health and wellness care, work-life balance, and an investment in your future at its core.
Core Responsibilities
• Lead proactive threat hunting operations across enterprise environments, including adversary emulations, live hunts, and investigative assessments. Identify anomalous behaviors and translate findings into actionable detections.
• Apply hypothesis-driven hunting methodologies, leveraging threat intelligence, behavioral analytics, and the MITRE ATT&CK framework to identify gaps in detection and control coverage.
• Analyze telemetry across the enterprise security stack (endpoint, network, identity, cloud, email, SIEM/XDR) and pivot across datasets to identify advanced threats and hidden attacker activity.
• Identify and validate adversary techniques, mapping observed activity to ATT&CK and informing improvements to detection logic, alerting, and response workflows.
• Enhance detection engineering efforts by developing, tuning, and validating rules, analytics, and behavioral detections based on hunt findings and adversary simulations.
• Leverage scripting and automation (e.g., Python, PowerShell, KQL, SQL) to scale threat hunting activities, enrich data, and improve investigative efficiency.
• Utilize advanced analytics and AI-assisted techniques to accelerate the identification of suspicious or malicious activity.
• Collaborate across CSOC and engineering teams to validate findings, operationalize detections, and strengthen defensive capabilities.
• Produce clear and actionable reporting, including hunt reports, detection gap analyses, and executive summaries that translate technical findings into business risk and recommended actions.
• Support incident response when required, providing deep investigative expertise, threat context, and rapid escalation of critical findings.
• Mentor and guide team members, sharing threat hunting methodologies, tooling expertise, and investigative techniques to improve overall team capability and maturity.
• Continuously evaluate and improve hunt processes, tooling, and methodologies to advance threat hunting maturity and operational effectiveness.
Qualifications
• Preferred: 3 to 5 years of experience in threat hunting, detection engineering, incident response, or security operations.
• Strong understanding of threat actor tactics, techniques, and procedures (TTPs) and modern attack methodologies.
• Hands-on experience with enterprise telemetry and security platforms (EDR, SIEM, network monitoring, cloud security tools).
• Proven application of the MITRE ATT&CK framework for threat detection, gap analysis, and adversary mapping.
• Proficiency in scripting and query languages (Python, PowerShell, KQL, SQL, or equivalent).
• Experience with data analysis and large-scale investigation workflows.
• Strong written and verbal communication skills, with the ability to translate technical findings into business-relevant risk.
• Experience working in cross-functional security teams (SOC, IR, Threat Intelligence, Detection Engineering).
• Relevant certifications (e.g., CISSP, GCFA, GCIH, GCDA, or equivalent) preferred.
Special Factors
Sponsorship
Vanguard is not offering visa sponsorship for this position.
About Vanguard
At Vanguard, we don't just have a mission - we're on a mission.
To work for the long-term financial wellbeing of our clients. To lead through product and services that transform our clients' lives. To learn and develop our skills as individuals and as a team. From Malvern to Melbourne, our mission drives us forward and inspires us to be our best.
How We Work
Vanguard has implemented a hybrid working model for the majority of our crew members, designed to capture the benefits of enhanced flexibility while enabling in-person learning, collaboration, and connection. We believe our mission-driven and highly collaborative culture is a critical enabler to support long-term client outcomes and enrich the employee experience.