Lead Engineeer - Threat Hunting & Countermeasures

The pay range is $132,000.00 - $238,000.00

Pay is based on several factors which vary based on position. These include labor markets and in some instances may include education, work experience and certifications. In addition to your pay, Target cares about and invests in you as a team member, so that you can take care of yourself and your family. Target offers eligible team members and their dependents comprehensive health benefits and programs, which may include medical, vision, dental, life insurance and more, to help you and your family take care of your whole selves. Other benefits for eligible team members include 401(k), employee discount, short term disability, long term disability, paid sick leave, paid national holidays, and paid vacation. Find competitive benefits from financial and education to well-being and beyond at https://corporate.target.com/careers/benefits.

About us:

Working at Target means helping all families discover the joy of everyday life. We bring that vision to life through our values and culture. Learn more about Target here.

As a lead engineer, you serve as the technical anchor for the engineering team that supports a product. You create, own and are responsible for the application architecture that best serves the product in its functional and non-functional needs. You identify and drive architectural changes to accelerate feature development or improve the quality of service (or both). You have deep and broad engineering skills and are capable of standing up an architecture in its whole on your own, but you choose to influence a wider team by acting as a “force multiplier”. Core responsibilities of this job are described within this job description. Job duties may change at any time due to business needs.

About the Role

As a Lead Engineer – Threat Hunting and Countermeasures, you will help advance Target’s ability to detect and understand sophisticated threats by combining threat hunting expertise with strong data and analytical capabilities. This role is centered on proactive, hypothesis-driven hunting, but it is equally grounded in the ability to work at scale across large, complex datasets to identify meaningful patterns, anomalies, and indicators of adversary behavior. You will apply statistical methods, security analytics, and machine learning techniques to transform hunting concepts into scalable, repeatable detection strategies. Working across security, detection engineering, and intelligence functions, you will investigate emerging threats, develop countermeasures, improve visibility, and strengthen Target’s overall defensive posture. This role is ideal for someone who is deeply technical, analytically driven, and excited to blend hands-on hunting with modern data science approaches in cyber defense.

Core responsibilities of this job are described within this job description. Job duties may change at any time due to business needs.

Core Responsibilities

• Process and analyze large-scale security datasets using platforms such as BigQuery or similar data environments to identify behavioral patterns, establish baselines, and surface anomalous activity.
• Conduct structured, hypothesis-driven threat hunts informed by threat intelligence, adversary tradecraft, and behavioral analytics.
• Apply statistical analysis, anomaly detection, and machine learning techniques to improve threat detection, investigation, and prioritization workflows.
• Design, develop, operationalize, and tune production-ready detections, including data-driven and machine learning-based approaches, to identify novel or evasive threats.
• Build and enhance scalable analytics and detection pipelines in partnership with detection engineering, data engineering, and platform teams.
• Investigate emerging threats, adversary techniques, and security incidents to refine hunt methodologies and detection strategies.
• Collaborate with incident response, detection engineering, cyber threat intelligence, and other security partners to validate findings and improve security coverage.
• Partner with red and blue teams to test detections, strengthen countermeasures, and expand visibility across the enterprise.
• Contribute to threat modeling and adversary research to continuously improve threat hunting practices and defensive capabilities.

About You

• 4-year degree in cybersecurity, computer science, data science, or a related field, or equivalent practical experience.
• 7+ years of experience in cybersecurity, including at least 3 years focused on developing detections informed by threat intelligence, adversary behaviors, and/or data science and machine learning techniques.
• Experience processing and analyzing large-scale datasets using platforms such as BigQuery, Snowflake, Databricks, or similar technologies.
• Strong data engineering fundamentals, including building and maintaining data pipelines (e.g., ETL workflows, streaming, or batch processing).
• Experience applying data science and machine learning techniques (e.g., anomaly detection, classification, clustering, behavioral modeling) to cybersecurity problems.
• Experience developing, deploying, and tuning production-ready detections using statistical or machine learning–based approaches.
• Strong familiarity with SIEM platforms, EDR solutions, and security data analytics.
• Experience scripting (e.g. Python, PowerShell, Bash) to automate security tasks and enhance threat hunting workflows.
• Deep understanding of adversary tactics, techniques, and procedures (TTPs) and frameworks such as MITRE ATT&CK and the Cyber Kill Chain.
• Strong analytical and problem-solving skills, with the ability to interpret large datasets and identify malicious activity.
• Strong communication skills, with the ability to navigate ambiguity and collaborate effectively across security teams.

Desired Skills (not required but a plus):

• Experience developing, deploying, and tuning production-ready detections using statistical or machine learning–based approaches.
• Experience with deception techniques, honeytokens, or other adversary engagement strategies.
• Background in malware analysis, reverse engineering, exploit development, digital forensics, or network security monitoring.
• Experience applying LLMs to security use cases (e.g., log analysis, alert triage, enrichment, or detection augmentation).
• Experience with feature engineering for security telemetry or graph-based threat detection.
• Relevant certifications such as GIAC Machine Learning Engineer (GMLE), GREM, GCFA, or similar advanced cybersecurity or data science credentials.

This position may be considered for a Remote or Hybrid (known internally at Target as "Flex for Your Day") work arrangement based on Target's needs.  A Remote work arrangement means the team member works full-time from home or an alternate location that's not a Target location, does not have a desk at a Target location and may travel to HQ up to 4 times a year.  A Hybrid/Flex for Your Day work arrangement means the team member's core role may be performed either remote or onsite at a Target location depending upon what your role, team and tasks require for that day. Work duties cannot be performed outside of the country of the primary work location, unless otherwise prescribed by Target.

Benefits Eligibility

Please paste this url into your preferred browser to learn about benefits eligibility for this role: https://tgt.biz/BenefitsForYou_E

Americans with Disabilities Act (ADA)

In compliance with state and federal laws, Target will make reasonable accommodations for applicants with disabilities. If a reasonable accommodation is needed to participate in the job application or interview process, please reach out to candidate.accommodations@HRHelp.Target.com. Non-accommodation-related requests, such as application follow-ups or technical issues, will not be addressed through this channel.  

Application deadline is : 04/17/2026