Location Hybrid Malvern PA
Role Description
Zoetis is seeking a Cyber Defense Engineer (Manager) who will lead hands-on detection engineering and SOC operations to rapidly identify contain and resolve security threats. This role focuses on complex investigations, building and maintaining high-quality detections, automating response playbooks, and leading proactive threat hunting. The ideal candidate is a practitioner who blends engineering rigor with operational excellence comfortable scripting and integrating tools to create a cohesive automated defense ecosystem. They will partner closely with cross-functional teams to improve signal fidelity reduce false positives shorten time to detect, respond and continuously uplift our detection coverage aligned to MITRE ATT&CK.
POSITION RESPONSIBILITIES
- Build, maintain, and tune detections in our SIEM and EDR aligned to MITRE ATT&CK
- Design, develop, and maintain incident response playbooks, integrations, automations to orchestrate response efforts and evidence collection
- Lead hypothesis-driven threat hunting using telemetry from endpoints, identity, network, and cloud to uncover unknown threats.
- Own telemetry onboarding data quality and normalization ensuring reliable parsing enrichment context mapping and coverage across priority data sources
- Conduct detection QA and continuous tuning to reduce false positives improve precision and accelerate analyst decision-making
- Partner with Red Team and IR on purple-team exercises to validate detections close gaps and document improvements post-incident
- Participate in incident response as a hands-on responder focusing on rapid containment and translating lessons learned into new and improved detections and playbooks
- Create and track metrics for detection coverage fidelity alert volumes MTTA and MTTR using these insights to guide backlog and roadmap priorities
- Collaborate with IT and platform owners to enable logging controls and data pipelines required for high-quality detections while minimizing operational friction
- Provide mentorship and day-to-day guidance to analysts on detection logic triage techniques hunting methodologies and automation usage
- Stay current on evolving threats and platform capabilities and proactively introduce new detections hunting approaches and automation technique
EDUCATION AND EXPERIENCE
Education:
- Preferred - Bachelor's degree in computer science / information systems / business administration or relevant professional experience.
- 2+ years of direct hands-on experience in IT support automation using API's and python.
- 5+ years direct hands-on experience in a security operations role with an emphasis on incident response and automation.
TECHNICAL SKILLS REQUIREMENTS
- Experience in hypothesis-driven threat hunting, alert triage, and investigations using SIEM/EDR/NDR telemetry and cloud logs; understanding of core forensics concepts (host, network, identity).
- Some hands-on experience helping design, implement, and tune security controls (e.g., hardening baselines, logging/telemetry standards, segmentation, access controls, compensating controls) in regulated and hybrid environments.
- Working knowledge of security logging pipelines, normalization/enrichment, and data quality concepts to support detection, hunting, and response.
- Experience supporting automation and standardization efforts (SOAR, scripting, workflows); able to follow and help create playbooks/runbooks to reduce MTTR and operational toil.
- Exposure to analytics techniques that improve detection and response (e.g., reducing false positives, basic anomaly identification, prioritization) with focus on practical, usable outcomes.
- Experience with modern security platforms (SIEM, SOAR, EDR, network/email security); experience assisting with SIEM/SOAR content, integrations, or use-case development.
- Experience participating in incident response activities: following playbooks, documenting actions, escalating appropriately, and contributing to post-incident improvements.
- Working knowledge of administering and securing enterprise platforms (Windows Server and/or Linux/UNIX); familiarity with common enterprise architecture patterns and operational constraints.
- Ability to communicate security findings and risk clearly to technical and non-technical audiences; collaborative approach with stakeholders.
- Strong execution skills with the ability to manage multiple tasks, operate in a fast-paced environment, and contribute hands-on to troubleshooting and implementation with guidance.
- Contribute to building and maintaining SOPs, playbooks, and automation-first processes; help standardize repeatable workflows.
- Assist with defining and tracking SOC metrics/KPIs (e.g., detection coverage, alert quality, MTTD/MTTR, containment effectiveness) and help identify improvement opportunities.
- Support the delivery and maintenance of security tooling and detection/response capabilities (implement changes, tune detections, perform health checks) under senior guidance.
- Eager to learn from others and share knowledge with peers (without formal people-management expectations).
- Collaborate with risk/strategy and business partners to understand priorities and regulated requirements and help align day-to-day work to those needs.
PHYSICAL POSITION REQUIREMENTS
- Primarily office-based work involving sitting, computer use, and meetings.
- Ability to work flexible hours as needed to coordinate with global teams and support audit readiness activities.
- Occasional travel may be required for audits, regulatory meetings, or integration activities.
- No unusual physical demands or attendance requirements expected.
Travel Requirements: 5%-10%
About Zoetis
At Zoetis, our purpose is to nurture the world and humankind by advancing care for animals. As a Fortune 500 company and the world leader in animal health, we discover, develop, manufacture and commercialize vaccines, medicines, diagnostics and other technologies for companion animals and livestock. We know our people drive our success. Our award-winning culture, built around our Core Beliefs, focuses on our colleagues' careers, connection and support. We offer competitive healthcare and retirement savings benefits, along with an array of benefits, policies and programs to support employee well-being in every sense, from health and financial wellness to family and lifestyle resources.
Global Job Applicant Privacy Notice