Linux
Splunk
Triage
Tooling
Auditing
Teaching
Telemetry
Composure
Operations
Leadership
Automation
Mentorship
IT Security
Coordinating
Log Analysis
Investigation
Microservices
Observability
Risk Analysis
Cyber Security
Cloud Security
Azure Sentinel
Risk Mitigation
Time Management
Decision Making
Threat Detection
Malware Analysis
Incident Response
Digital Forensics
Network Forensics
Incident Reporting
Penetration Testing
Root Cause Analysis
Workflow Automation
GIAC Certifications
Security Consulting
Security Engineering
Behavioral Analytics
Serverless Computing
Cyber Threat Hunting
Relationship Building
Sprint Retrospectives
Ability To Meet Deadlines
Cyber Threat Intelligence
Software As A Service (SaaS)
Platform As A Service (PaaS)
Python (Programming Language)
Continuous Improvement Process
GIAC Cyber Threat Intelligence
Enterprise Application Software
GIAC Certified Incident Handler
GIAC Certified Forensics Analyst
Infrastructure As A Service (IaaS)
CompTIA Cybersecurity Analyst (CySA+)
Certified Information Security Manager
GIAC Certified Enterprise Defender (GCED)
Security Information And Event Management (SIEM)
Certified Information Systems Security Professional
At least 7 years
Posted yesterday
This role is STARs-friendly: Skilled Through Alternative Routes.
35% STARs in role.
Description:
Job Summary
This role supports Walgreens' Threat Detection and Response function, focusing on investigating and responding to security incidents across the enterprise.
As a senior-level individual contributor, you will serve as an escalation point, owning incidents end to end from triage through root cause analysis and remediation. Requiring hands-on expertise, strong judgment, and the ability to operate independently.
You will build detection capabilities, proactively hunt for threats, and improve response effectiveness through automation. This work spans hybrid infrastructure, applications, and enterprise systems, using log analysis, behavioral signals, and threat intelligence to identify and mitigate risk.
Key responsibilities include:
Location Requirement:
This is a hybrid role based in Deerfield, IL (Walgreens Corporate Office), with 4 days onsite and 1 day remote.
Work Authorization:
Work visa sponsorship is not available for this role.
Job Responsibilities:
Founded in 1901, Walgreens (www.walgreens.com) has a storied heritage of caring for communities for generations and proudly serves nearly 9 million customers and patients each day across its approximately 8,500 stores throughout the U.S. and Puerto Rico, and leading omni channel platforms. Walgreens has approximately 220,000 team members, including nearly 90,000 healthcare service providers, and is committed to being the first choice for retail pharmacy and health services, building trusted relationships that create healthier futures for customers, patients, team members and communities.
Basic Qualifications
Preferred Qualifications:
#LI-JW1
Salary Range: $88700 - $141800 / Salaried
This role supports Walgreens' Threat Detection and Response function, focusing on investigating and responding to security incidents across the enterprise.
As a senior-level individual contributor, you will serve as an escalation point, owning incidents end to end from triage through root cause analysis and remediation. Requiring hands-on expertise, strong judgment, and the ability to operate independently.
You will build detection capabilities, proactively hunt for threats, and improve response effectiveness through automation. This work spans hybrid infrastructure, applications, and enterprise systems, using log analysis, behavioral signals, and threat intelligence to identify and mitigate risk.
Key responsibilities include:
- Designing and implementing detection across enterprise environments
- Developing automation to improve detection and response efficiency
- Leading incident response efforts and driving investigations to resolution
- Partnering with cross-functional teams to improve logging, telemetry, and observability
- Conducting proactive threat hunting and operationalizing findings into detections
- Mentoring team members and contributing to overall team capability
Location Requirement:
This is a hybrid role based in Deerfield, IL (Walgreens Corporate Office), with 4 days onsite and 1 day remote.
Work Authorization:
Work visa sponsorship is not available for this role.
Job Responsibilities:
- Monitors, identifies, investigates and analyzes all response activities related to cybersecurity incidents within the organization that require broad expertise or unique knowledge.
- Identifies security flaws and vulnerabilities; responds to cybersecurity incidents, conducts threat analysis as directed and addresses detected incidents.
- Evaluates event flows to identify common to advanced risks and vulnerabilities to develop and implement solutions.
- Provides assistance in monitoring the security of all designated networks and systems.
- May prepare detailed incident reports and technical briefs for the IT security team. May present issues to team
- This role works on significant and unique issues where analysis of situations or data requires an evaluation of intangibles. Exercises independent judgment in methods, techniques and evaluation criteria for obtaining results.
- Assists with security audits, risk analysis, network forensics and penetration testing.
- Creates formal networks involving coordination among groups.
- May indirectly supervise other Specialists.
- Provides subject matter expertise and insight to clients about industry attack trends and defenses by developing and maintaining deep awareness and understanding of evolving threats, adversaries and intrusion trends. Provides subject matter expertise to less experienced team members. May participate in teaching and training members of the work team.
Founded in 1901, Walgreens (www.walgreens.com) has a storied heritage of caring for communities for generations and proudly serves nearly 9 million customers and patients each day across its approximately 8,500 stores throughout the U.S. and Puerto Rico, and leading omni channel platforms. Walgreens has approximately 220,000 team members, including nearly 90,000 healthcare service providers, and is committed to being the first choice for retail pharmacy and health services, building trusted relationships that create healthier futures for customers, patients, team members and communities.
Basic Qualifications
- Bachelor's degree and at least 4 years of Information/Cyber Security experience OR a High School Diploma/GED and at least 7 years of experience in Information/Cyber Security
- At least 3 years of Cyber Security experience in at least three of the following: Active threat hunting (open source or commercial tooling), Intrusion analysis, Managed or enterprise information security services, Incident response, Endpoint forensics (Windows, MAC, or Linux), Malware analysis, Penetration testing, Network defense, Threat hunting, Information security consulting
- Experience establishing & maintaining relationships with individuals at all levels of the organization, in the business community & with vendors.
- Experience using time management skills such as prioritizing/organizing and tracking details and meeting deadlines of multiple projects with varying completion dates
- Experience analyzing and reporting data in order to identify issues, trends, or exceptions to drive improvement of results and find solutions.
- Willing to travel up to/at least 10% of the time for business purposes (within state and out of state).
Preferred Qualifications:
- Experience building and tuning detection logic (rules, alerts, behavioral analytics) across hybrid environments using SIEM platforms such as Splunk or Microsoft Sentinel
- Experience automating workflows, including converting manual playbooks into code using Python or similar languages
- Strong understanding of attacker TTPs, threat hunting methodologies, and malware analysis techniques to inform detection engineering and response operations
- Experience mentoring and developing junior team members through knowledge sharing, training programs, and tabletop exercises
- GCIH, GCTI, GCFA, GCDA, GCED, CISSP, CISM, CySA+, or equivalent industry certification
- Cloud security monitoring and investigations across IaaS, PaaS, and SaaS environments
- Familiarity with containerized, serverless, or microservices architectures and their unique detection challenges
- Experience with distributed systems observability, telemetry pipelines, and large-scale log analysis
- Maintains composure and sound decision-making under pressure, including during active incidents and ambiguous scenarios
- Operates with independence and ownership, driving work through resolution
- Identifies gaps in detection coverage, processes, or tooling and proactively drives improvements
- Communicates technical findings clearly to technical and non-technical audiences
- Fosters a culture of continuous improvement through retrospectives, documentation, and knowledge sharing
- Builds trusted relationships across security, engineering, and business teams to enable effective cross-functional incident response
#LI-JW1
Salary Range: $88700 - $141800 / Salaried
Posting ID: 1783962BR
