Threat analyst

Threat Analyst

Chicago, IL, USHouston, TX, USKansas City, MO, USDallas, TX, USWashington DC, DC, USPhoenix, AZ, USSt. Louis, MO, USAtlanta, GA, US

Oct 27, 2025

Dentons US LLP is currently recruiting for a Threat Analyst. The Information Security Threat Analyst is responsible for proactively hunting for threats within client environments, developing and tuning SIEM use cases, and conducting in-depth investigations of security events. The role involves monitoring and operationalizing threat intelligence, engineering automation and SOAR playbooks to streamline detection and response and maintain comprehensive documentation of threat hunting activities. The analyst collaborates with internal teams to enhance security operations, participates in incident response, and continuously adapts to the evolving cyber threat landscape.

Responsibilities

• Analyze activity trends using a mix of tools and analytical methodologies to hunt for threats not otherwise detected by configured security alerts.

• Conduct threat scenario analysis to develop new use cases with relevant attack vectors; develop attack scenarios to formulate hunting strategies to identify threats undetected by existing controls.

• Perform in-depth investigation of events of interest identified during hunts or from security alerts as defined investigation and response procedures.

• Monitor, triage, and operationalize threat intelligence from commercial, open-source, ISAC/ISAO, and government sources.

• Correlate threat intelligence with internal telemetry to identify potential compromise and guide hunts and incident response.

• Create and deliver regular threat hunting and threat intelligence reports including hypotheses, datasets, findings, false positives, and detection/response improvements.

• Contribute to the tuning and development of SIEM use cases and other security control configurations to enhance threat detection capabilities.

• Define and track Security Operations metrics.

• Design, develop, and maintain automation and SOAR playbooks to streamline alert triage, enrichment, containment, and notification workflows.

• Automate routine operational tasks (e.g., IOC curation, asset/context lookups, quarantine, user suspension) to reduce MTTD/MTTR.

• Facilitate vulnerability management by correlating vuln data with exploits-in-the-wild; prioritize remediation based on risk and exposure.

• Participate in IR exercises to validate processes and IR capabilities.

• Other duties as assigned to fully meet the requirements of the position.

Required Qualifications

• Bachelor's degree/diploma in Computer Science, Information Security, or related field.

• Minimum 2 years of experience in Cyber Intelligence or as a Threat Hunter, ideally within a CIRT/SOC; hands-on experience with SIEM content and automation development.

• Direct prior experience with core security technologies such as SIEM, vulnerability scanners, anti-virus solutions, and EDRs.

• Strong knowledge of threat intelligence and threat hunting, including MITRE ATT&CK, kill chain, hypothesis-driven methods, and IOC lifecycle management.

• Demonstrated experience with SIEM platforms (e.g., Splunk, Microsoft Sentinel, Elastic): data onboarding, parsing, correlation rules, dashboards, and tuning.

• Experience with SOAR platforms (e.g., Splunk SOAR, Microsoft Sentinel automation, Swimlane) and building playbooks for enrichment and response.

• Strong analytical and investigative skills; knowledge of technical security controls and mitigations.

• Experience with advanced endpoint analytics and EDR tooling (e.g., CrowdStrike, Defender for Endpoint, Sophos).

• Good working knowledge of common security threats, industry best practices, and security technologies.

• 24x7 on-call availability for high severity incidents.

• Knowledge of digital forensics, malware analysis, penetration testing and ethical hacking.

• Proficiency in scripting languages (Python, PowerShell, shell) is a plus.

• Industry certifications are a strong asset (e.g., GIAC, Microsoft SC-200, Splunk Enterprise Security, AWS/Azure security certs).

Salary

Chicago Only DOE: $83,850 - $107,950

Washington DC Only DOE: $86,900 - $111,850

Dentons US LLP offers a competitive salary and benefits package including medical, dental, vision, 401k, profit sharing, short-term/long-term disability, life insurance, tuition reimbursement, paid time off, paid holidays and discretionary bonuses.

Dentons US LLP is an Equal Opportunity Employer - Disability/Vet. Pursuant to local ordinances, we will consider for employment qualified applicants with arrest and conviction records.

If you need any assistance seeking a job opportunity at Dentons US, LLP, or if you need reasonable accommodation with the application process, please call our Talent Acquisition Specialist at +1 314 259 5898 or contact us at [email protected].

About Dentons

Redefining possibilities. Together, everywhere. For more information visit

Nearest Major Market: Chicago