Senior Manager, Threat Intelligence & Detection (Hybrid - Seattle)

About the position Responsibilities • Develop and execute the strategic roadmap for threat intelligence, detection engineering, and threat hunting programs across multiple business units • Build, lead, and mentor a high-performing team of detection engineers, threat analysts, and hunters • Serve as the primary subject matter expert and strategic advisor to executive leadership on evolving threat landscapes, defensive priorities, and organizational risk posture • Operationalize threat intelligence by integrating internal and external intel into detection engineering workflows • Maintain and evolve threat intelligence sources (commercial, open-source, government) to inform risk posture and detection priorities • Deliver actionable threat assessments and briefings tailored to technical and executive stakeholders • Lead the full detection engineering lifecycle including threat modeling, detection logic development using query languages (KQL, SPL, SQL), testing with attack simulation frameworks, automated deployment via CI/CD, and continuous tuning based on performance metrics • Drive development of advanced behavior-based, anomaly detections, and AI/ML-powered detection systems aligned with MITRE ATT&CK and emerging threat actor TTPs • Establish strategic partnerships with red team, SOC and incident response management to ensure comprehensive detection coverage and proactive visibility gap closure • Lead enterprise-wide collaboration with cloud architects, infrastructure leadership, and application development teams to enhance telemetry strategies and ensure scalable detection across complex hybrid and multi-cloud environments • Drive strategic contributions to enterprise incident response frameworks, lead tabletop exercises, and oversee purple team program development to continuously test and improve organizational defenses • Champion automation initiatives and establish data-driven decision-making frameworks across all threat detection and response operations • Define, implement, and report on enterprise-level key performance indicators (KPIs) for detection effectiveness, operational efficiency, false positive optimization, and mean time to detection (MTTD) across the organization • Integrate security detection into CI/CD pipelines and support DevSecOps initiatives • Manage budgets, vendor relationships, and technology investments for threat intelligence and detection engineering programs • Establish and maintain strategic relationships with industry peers, threat intelligence communities, and security vendors Requirements • Bachelors Degree in Information Technology, Computer Science, Data Science or related experience required. • 8+ years in information security with a focus on threat intelligence, detection engineering, or security operations • 3-5 years in a leadership or management role with a track record of leading high-performing technical teams • Deep expertise in attacker behaviors, threat actor TTPs, campaigns, and threat landscape evolution across multiple industry verticals • Extensive experience designing, implementing, and optimizing enterprise-scale detections across multiple SIEMs (e.g., Splunk, Sentinel, Chronicle), EDR/XDR platforms (e.g., CrowdStrike, Defender, SentinelOne), and cloud-native security tools • Strong working knowledge of MITRE ATT&CK, threat modeling, and structured threat intelligence formats (e.g., STIX, TAXII) • Proficiency in Python, PowerShell, and at least one other programming language for detection engineering and automation • Experience with detection-as-code practices and version control (Git) • Knowledge of threat hunting methodologies and hypothesis-driven investigations • Comprehensive understanding of NIST Cybersecurity Framework, ISO 27001, SOC 2, and other compliance requirements with implementation experience • Hands-on experience in cloud environments (AWS, Azure, GCP) and containerized workloads (e.g., Kubernetes, ECS) preferred Nice-to-haves • Experience with threat intelligence platforms (e.g., ThreatConnect, MISP, Anomali) and CTI frameworks (e.g., Diamond Model, Kill Chain) is a plus • Advanced knowledge of SOAR platforms (Phantom, Demisto, Swimlane) and enterprise security orchestration • Experience with AI/ML-driven detection systems and automated response orchestration is a plus • API development and integration for security tooling experience preferred • Container security and Kubernetes threat detection knowledge is a plus • Experience with deception technology and honeypot deployment preferred • Industry certifications (e.g., GCTI, GCIA, GDAT, GCED, GCFA, GSEC, CISSP) preferred; cloud security certifications (AWS Security Specialty, Azure Security Engineer) are a plus Benefits • Medical/Vision, Dental, Retirement and Paid Time Away • Life Insurance and Disability • Merchandise Discount and EAP Resources Apply tot his job Apply To this Job