Threat Detection Specialist

will play a pivotal role in expanding our capabilities and adapting to emerging challenges. Collaboration with highly skilled senior engineers responsible for a wide range of systems and initiatives is essential. Your primary focus will be on detection analysis and development, including participation in attack simulations to test and maintain our content portfolio.

This role will have a Hybrid work schedule, with the expectation of working in an office (Hartford, CT or Charlotte, NC) 3 days a week (Tuesday through Thursday).

RESPONSIBILITIES:

• Design, write, and test correlation searches and detection rules in Splunk Enterprise Security (ES).

• Implement and fine-tune Risk-Based Alerting (RBA) to prioritize critical threats, reduce alert fatigue, and improve detection accuracy.

• Continuously refine, tune, and optimize detections to reduce false positives while maximizing visibility into real-world threats.

• Align detection content with frameworks like MITRE ATT&CK and tailor it to customer-specific risks and environments.

• Participating in adversarial emulations to enhance the robustness of our platforms.

• Providing escalation support for SOC operations, including on-call support (approximately 5 weeks per year).

• Partner with SOAR engineers to help shape playbook development from an analytical and security-first perspective.

• Provide detection context, enrichment logic, and response requirements to support meaningful, threat-informed automation.

• Identify opportunities to scale triage and response processes through intelligent automation.

QUALIFICATIONS:

• 3+ years in cybersecurity, with direct experience in detection engineering, threat hunting, and incident response

• Expert-level proficiency in Splunk SPL, including the development of correlation searches, dashboards, and scheduled alerts

• In-depth knowledge of Splunk Enterprise Security (ES), including hands-on experience configuring and tuning Risk-Based Alerting (RBA)

• Working knowledge of Splunk SOAR, with the ability to collaborate on automation workflows from a threat detection perspective

• Strong understanding of adversary behavior, MITRE ATT&CK, cyber kill chain, and threat modeling

• Experience developing detections for cloud environments (AWS, Azure, or GCP)

• Exposure to EDR platforms such as CrowdStrike, SentinelOne, or Microsoft Defender for Endpoint

• Scripting/automation skills in Python, PowerShell, or Bash are a plus

• Relevant certifications are desirable: GCDA, GCTI, GCFA, GCIH, OSCP, Splunk Certified Consultant/Architect/Admin

Candidate must be authorized to work in the US without company sponsorship. The company will not support the STEM OPT I-983 Training Plan endorsement for this position.

Compensation

The listed annualized base pay range is primarily based on analysis of similar positions in the external market. Actual base pay could vary and may be above or below the listed range based on factors including but not limited to performance, proficiency and demonstration of competencies required for the role. The base pay is just one component of The Hartford's total compensation package for employees. Other rewards may include short-term or annual bonuses, long-term incentives, and on-the-spot recognition. The annualized base pay range for this role is:

$116,400 - $174,600

Equal Opportunity Employer/Sex/Race/Color/Veterans/Disability/Sexual Orientation/Gender Identity or Expression/Religion/Age

About Us | Our Culture | What It's Like to Work Here | Perks & Benefits