Staff Threat Researcher and Intelligence Engineer

We’re building a world of health around every individual — shaping a more connected, convenient and compassionate health experience. At CVS Health®, you’ll be surrounded by passionate colleagues who care deeply, innovate with purpose, hold ourselves accountable and prioritize safety and quality in everything we do. Join us and be part of something bigger – helping to simplify health care one person, one family and one community at a time.

POSITION SUMMARY

CVS Health is hiring a Staff Threat Researcher and Intelligence Engineer within CVS Health’s Cyber Threat Intelligence (CTI) team that is responsible for all phases of cyber security intelligence (collection, analysis, production and dissemination) and tasked with identifying increasingly sophisticated cyber-attacks; monitoring the tactics, techniques and procedures of threat actors and establishing motives that could impact company resources.  This intelligence is then leveraged to actively hunt for adversary activity targeting CVS Health’s computing environment.

In this role, you will lead advanced research initiatives targeting sophisticated cyber threats, architect and implement innovative solutions for threat intelligence collection, analysis, and automation, with a particular emphasis on coding and engineering. Your work will drive the development of new methodologies for identifying, tracking, and mitigating adversary activity, leveraging deep technical expertise and advanced programming skills. You will also foster collaboration with the broader intelligence community, law enforcement, and industry partners to enhance CVS Health’s security posture. 

What we expect of you

• Lead the design and development of advanced threat research platforms and prototypes, focusing on automation and scalable intelligence workflows. 

• Architect and code solutions for collecting, processing, and analyzing diverse threat data sources, including telemetry, commercial feeds, and OSINT. 

• Conduct in-depth research on emerging threat actors, tactics, techniques, and procedures (TTPs), including dark net intelligence gathering, and produce actionable reports for stakeholders. 

• Engineer and automate the intelligence cycle, continuously improving processes for detection, alerting, and incident enrichment using SIEM, SOAR, and EDR technologies. 

• Mentor and guide team members in advanced coding practices, threat research methodologies, and engineering best practices. 

• Develop and present technical briefings, research papers, and position documents to executive leadership and external partners. 

REQUIRED QUALIFICATIONS

• 7+ years of experience in threat intelligence research, including advanced collection and analysis methodologies, threat actor profiling, and MITRE ATT&CK techniques. 

• 7+ years of experience in SIEM, SOAR, and EDR tools, both open source and commercial. 

• 6+ years of experience in scripting and programming languages (e.g., Python, PowerShell, Go) for automating threat intelligence workflows and building research tools. 

• 5+ years of experience architecting and coding threat intelligence platforms and research environments. 

• 5+ years of experience in engineering solutions for large-scale data analysis, including security logs, product telemetry, and open-source intelligence. 

• 3+ years of experience in producing and presenting high-impact threat research reports and technical briefings to diverse audiences. 

PREFERRED QUALIFICATIONS

• Experience leading the development and automation of threat intelligence and research platforms at scale.  

• Subject matter expertise in retail and healthcare threat intelligence, with a focus on coding and research innovation. 

• Advanced experience in dark net intelligence collection, threat actor research, and prototype development for new detection capabilities. 

• Demonstrated ability to produce and present high-impact threat research reports and technical briefings to diverse audiences. 

• Deep familiarity with SIEM, SOAR, and EDR tools, both open source and commercial. 

• Proficiency in applying machine learning techniques to threat research, including experience with model development, feature engineering, and deployment for security analytics and anomaly detection. 

EDUCATION

Bachelor’s degree from accredited university or equivalent work experience (HS diploma + 4 years relevant experience).

BUSINESS OVERVIEW

Bring your heart to CVS Health Every one of us at CVS Health shares a single, clear purpose: Bringing our heart to every moment of your health. This purpose guides our commitment to deliver enhanced human-centric health care for a rapidly changing world. Anchored in our brand — with heart at its center — our purpose sends a personal message that how we deliver our services is just as important as what we deliver.  Our Heart At Work Behaviors™ support this purpose. We want everyone who works at CVS Health to feel empowered by the role they play in transforming our culture and accelerating our ability to innovate and deliver solutions to make health care more personal, convenient and affordable.  We strive to promote and sustain a culture of diversity, inclusion and belonging every day.  CVS Health is an affirmative action employer, and is an equal opportunity employer, as are the physician-owned businesses for which CVS Health provides management services. We do not discriminate in recruiting, hiring, promotion, or any other personnel action based on race, ethnicity, color, national origin, sex/gender, sexual orientation, gender identity or expression, religion, age, disability, protected veteran status, or any other characteristic protected by applicable federal, state, or local law.  We proudly support and encourage people with military experience (active, veterans, reservists and National Guard) as well as military spouses to apply for CVS Health job opportunities.

Pay Range

The typical pay range for this role is:

This pay range represents the base hourly rate or base annual full-time salary for all positions in the job grade within which this position falls.  The actual base salary offer will depend on a variety of factors including experience, education, geography and other relevant factors.  This position is eligible for a CVS Health bonus, commission or short-term incentive program in addition to the base pay range listed above.  This position also includes an award target in the company’s equity award program. 
 

Our people fuel our future. Our teams reflect the customers, patients, members and communities we serve and we are committed to fostering a workplace where every colleague feels valued and that they belong.

Great benefits for great people

We take pride in our comprehensive and competitive mix of pay and benefits – investing in the physical, emotional and financial wellness of our colleagues and their families to help them be the healthiest they can be. In addition to our competitive wages, our great benefits include:

• Affordable medical plan options, a 401(k) plan (including matching company contributions), and an employee stock purchase plan.

• No-cost programs for all colleagues including wellness screenings, tobacco cessation and weight management programs, confidential counseling and financial coaching.

• Benefit solutions that address the different needs and preferences of our colleagues including paid time off, flexible work schedules, family leave, dependent care resources, colleague assistance programs, tuition assistance, retiree medical access and many other benefits depending on eligibility.

For more information, visit https://jobs.cvshealth.com/us/en/benefits

Qualified applicants with arrest or conviction records will be considered for employment in accordance with all federal, state and local laws.