Global Risk and Security (GR&S) at Vanguard enables business strategy, protects client and Vanguard interests (e.g., assets and data), and stewards a strong risk culture. Our teams leverage enterprise-wide insights, deep expertise, and trusted advice so that Vanguard leaders and crew drive faster, stronger, risk-informed decisions.
Within GR&S, the Enterprise Security and Fraud (ES&F) sub-division is responsible for the global protection of Vanguard crew, property, data, and client assets. We are trusted advisors that protect the pride of Vanguard with state-of-the-art security and fraud capabilities. We are a world-class destination of highly engaged, passionate, and diverse talent expected to continuously learn and develop in an ever-changing security landscape.
Our crew are our greatest resource – by joining our team you will build collaborative long-term relationships and enjoy a suite of benefits that includes comprehensive health and wellness care, work-life balance, and an investment in your future at its core.
Core Responsibilities
- Lead proactive threat hunting operations across enterprise environments, including adversary emulations, live hunts, and investigative assessments. Identify anomalous behaviors and translate findings into actionable detections.
- Apply hypothesis-driven hunting methodologies, leveraging threat intelligence, behavioral analytics, and the MITRE ATT&CK framework to identify gaps in detection and control coverage.
- Analyze telemetry across the enterprise security stack (endpoint, network, identity, cloud, email, SIEM/XDR) and pivot across datasets to identify advanced threats and hidden attacker activity.
- Identify and validate adversary techniques, mapping observed activity to ATT&CK and informing improvements to detection logic, alerting, and response workflows.
- Enhance detection engineering efforts by developing, tuning, and validating rules, analytics, and behavioral detections based on hunt findings and adversary simulations.
- Leverage scripting and automation (e.g., Python, PowerShell, KQL, SQL) to scale threat hunting activities, enrich data, and improve investigative efficiency.
- Utilize advanced analytics and AI-assisted techniques to accelerate the identification of suspicious or malicious activity.
- Collaborate across CSOC and engineering teams to validate findings, operationalize detections, and strengthen defensive capabilities.
- Produce clear and actionable reporting, including hunt reports, detection gap analyses, and executive summaries that translate technical findings into business risk and recommended actions.
- Support incident response when required, providing deep investigative expertise, threat context, and rapid escalation of critical findings.
- Mentor and guide team members, sharing threat hunting methodologies, tooling expertise, and investigative techniques to improve overall team capability and maturity.
- Continuously evaluate and improve hunt processes, tooling, and methodologies to advance threat hunting maturity and operational effectiveness.
Qualifications
- Preferred 3 - 5 years of experience in threat hunting, detection engineering, incident response, or security operations.
- Strong understanding of threat actor tactics, techniques, and procedures (TTPs) and modern attack methodologies.
- Hands-on experience with enterprise telemetry and security platforms (EDR, SIEM, network monitoring, cloud security tools).
- Proven application of the MITRE ATT&CK framework for threat detection, gap analysis, and adversary mapping.
- Proficiency in scripting and query languages (Python, PowerShell, KQL, SQL, or equivalent).
- Experience with data analysis and large-scale investigation workflows.
- Strong written and verbal communication skills, with the ability to translate technical findings into business-relevant risk.
- Experience working in cross-functional security teams (SOC, IR, Threat Intelligence, Detection Engineering).
- Relevant certifications (e.g., CISSP, GCFA, GCIH, GCDA, or equivalent) preferred.
Special Factors
Sponsorship
Vanguard is not offering visa sponsorship for this position.About Vanguard
At Vanguard, we don't just have a mission—we're on a mission.
To work for the long-term financial wellbeing of our clients. To lead through product and services that transform our clients' lives. To learn and develop our skills as individuals and as a team. From Malvern to Melbourne, our mission drives us forward and inspires us to be our best.
How We Work
Vanguard has implemented a hybrid working model for the majority of our crew members, designed to capture the benefits of enhanced flexibility while enabling in-person learning, collaboration, and connection. We believe our mission-driven and highly collaborative culture is a critical enabler to support long-term client outcomes and enrich the employee experience.
Vanguard Charlotte, North Carolina, USA Office
Two North Falls Plaza, Charlotte, NC, United States, 28217
Similar Jobs
What you need to know about the Charlotte Tech Scene
Key Facts About Charlotte Tech
- Number of Tech Workers: 90,859; 6.5% of overall workforce (2024 CompTIA survey)
- Major Tech Employers: Lowe’s, Bank of America, TIAA, Microsoft, Honeywell
- Key Industries: Fintech, artificial intelligence, cybersecurity, cloud computing, e-commerce
- Funding Landscape: $3.1 billion in venture capital funding in 2024 (CED)
- Notable Investors: Microsoft, Google, Falfurrias Management Partners, RevTech Labs Foundation
- Research Centers and Universities: University of North Carolina at Charlotte, Northeastern University, North Carolina Research Campus
