Senior Cyber Security Specialist I - Threat Detection and Response

Job Summary
This role supports Walgreens’ Threat Detection and Response function, focusing on investigating and responding to security incidents across the enterprise.
As a senior-level individual contributor, you will serve as an escalation point, owning incidents end to end from triage through root cause analysis and remediation. Requiring hands-on expertise, strong judgment, and the ability to operate independently.
You will build detection capabilities, proactively hunt for threats, and improve response effectiveness through automation. This work spans hybrid infrastructure, applications, and enterprise systems, using log analysis, behavioral signals, and threat intelligence to identify and mitigate risk.

Key responsibilities include:

• Designing and implementing detection across enterprise environments
• Developing automation to improve detection and response efficiency
• Leading incident response efforts and driving investigations to resolution
• Partnering with cross-functional teams to improve logging, telemetry, and observability
• Conducting proactive threat hunting and operationalizing findings into detections
• Mentoring team members and contributing to overall team capability

Success in this role requires the ability to operate effectively in ambiguous situations, take ownership of work, and independently drive outcomes. The ideal candidate is comfortable navigating complex environments, identifying gaps, and developing solutions that strengthen the organization’s security posture.

Location Requirement:
This is a hybrid role based in Deerfield, IL (Walgreens Corporate Office), with 4 days onsite and 1 day remote.

Work Authorization:
Work visa sponsorship is not available for this role.

Job Responsibilities:

• Monitors, identifies, investigates and analyzes all response activities related to cybersecurity incidents within the organization that require broad expertise or unique knowledge.
• Identifies security flaws and vulnerabilities; responds to cybersecurity incidents, conducts threat analysis as directed and addresses detected incidents.
• Evaluates event flows to identify common to advanced risks and vulnerabilities to develop and implement solutions.
• Provides assistance in monitoring the security of all designated networks and systems.
• May prepare detailed incident reports and technical briefs for the IT security team. May present issues to team
• This role works on significant and unique issues where analysis of situations or data requires an evaluation of intangibles. Exercises independent judgment in methods, techniques and evaluation criteria for obtaining results.
• Assists with security audits, risk analysis, network forensics and penetration testing.
• Creates formal networks involving coordination among groups.
• May indirectly supervise other Specialists.
• Provides subject matter expertise and insight to clients about industry attack trends and defenses by developing and maintaining deep awareness and understanding of evolving threats, adversaries and intrusion trends. Provides subject matter expertise to less experienced team members. May participate in teaching and training members of the work team.

About Walgreens
Founded in 1901, Walgreens ( has a storied heritage of caring for communities for generations and proudly serves nearly 9 million customers and patients each day across its approximately 8,500 stores throughout the U.S. and Puerto Rico, and leading omni channel platforms. Walgreens has approximately 220,000 team members, including nearly 90,000 healthcare service providers, and is committed to being the first choice for retail pharmacy and health services, building trusted relationships that create healthier futures for customers, patients, team members and communities.

Basic Qualifications

• Bachelor’s degree and at least 4 years of Information/Cyber Security experience OR a High School Diploma/GED and at least 7 years of experience in Information/Cyber Security
• At least 3 years of Cyber Security experience in at least three of the following: Active threat hunting (open source or commercial tooling), Intrusion analysis, Managed or enterprise information security services, Incident response, Endpoint forensics (Windows, MAC, or Linux), Malware analysis, Penetration testing, Network defense, Threat hunting, Information security consulting
• Experience establishing & maintaining relationships with individuals at all levels of the organization, in the business community & with vendors.
• Experience using time management skills such as prioritizing/organizing and tracking details and meeting deadlines of multiple projects with varying completion dates
• Experience analyzing and reporting data in order to identify issues, trends, or exceptions to drive improvement of results and find solutions.
• Willing to travel up to/at least 10% of the time for business purposes (within state and out of state).

Preferred Qualifications
Preferred Qualifications:

• Experience building and tuning detection logic (rules, alerts, behavioral analytics) across hybrid environments using SIEM platforms such as Splunk or Microsoft Sentinel
• Experience automating workflows, including converting manual playbooks into code using Python or similar languages
• Strong understanding of attacker TTPs, threat hunting methodologies, and malware analysis techniques to inform detection engineering and response operations
• Experience mentoring and developing junior team members through knowledge sharing, training programs, and tabletop exercises
• GCIH, GCTI, GCFA, GCDA, GCED, CISSP, CISM, CySA+, or equivalent industry certification

Additional Preferred Experience:

• Cloud security monitoring and investigations across IaaS, PaaS, and SaaS environments
• Familiarity with containerized, serverless, or microservices architectures and their unique detection challenges
• Experience with distributed systems observability, telemetry pipelines, and large-scale log analysis

Leadership & Behavioral Attributes:

• Maintains composure and sound decision-making under pressure, including during active incidents and ambiguous scenarios
• Operates with independence and ownership, driving work through resolution
• Identifies gaps in detection coverage, processes, or tooling and proactively drives improvements
• Communicates technical findings clearly to technical and non-technical audiences
• Fosters a culture of continuous improvement through retrospectives, documentation, and knowledge sharing
• Builds trusted relationships across security, engineering, and business teams to enable effective cross-functional incident response

We will consider employment of qualified applicants with arrest and conviction records.

#LI-JW1
Salary Range: $88700 - $141800 / Salaried