Staff Threat Researcher and Intelligence Engineer

We’re building a world of health around every individual — shaping a more connected, convenient and compassionate health experience. At CVS Health®, you’ll be surrounded by passionate colleagues who care deeply, innovate with purpose, hold ourselves accountable and prioritize safety and quality in everything we do. Join us and be part of something bigger – helping to simplify health care one person, one family and one community at a time. POSITION SUMMARY CVS Health is hiring a Staff Threat Researcher and Intelligence Engineer within CVS Health’s Cyber Threat Intelligence (CTI) team that is responsible for all phases of cyber security intelligence (collection, analysis, production and dissemination) and tasked with identifying increasingly sophisticated cyber-attacks; monitoring the tactics, techniques and procedures of threat actors and establishing motives that could impact company resources. This intelligence is then leveraged to actively hunt for adversary activity targeting CVS Health’s computing environment. In this role, you will lead advanced research initiatives targeting sophisticated cyber threats, architect and implement innovative solutions for threat intelligence collection, analysis, and automation, with a particular emphasis on coding and engineering. Your work will drive the development of new methodologies for identifying, tracking, and mitigating adversary activity, leveraging deep technical expertise and advanced programming skills. You will also foster collaboration with the broader intelligence community, law enforcement, and industry partners to enhance CVS Health’s security posture. What we expect of you Lead the design and development of advanced threat research platforms and prototypes, focusing on automation and scalable intelligence workflows. Architect and code solutions for collecting, processing, and analyzing diverse threat data sources, including telemetry, commercial feeds, and OSINT. Conduct in-depth research on emerging threat actors, tactics, techniques, and procedures (TTPs), including dark net intelligence gathering, and produce actionable reports for stakeholders. Engineer and automate the intelligence cycle, continuously improving processes for detection, alerting, and incident enrichment using SIEM, SOAR, and EDR technologies. Mentor and guide team members in advanced coding practices, threat research methodologies, and engineering best practices. Develop and present technical briefings, research papers, and position documents to executive leadership and external partners. REQUIRED QUALIFICATIONS 7+ years of experience in threat intelligence research, including advanced collection and analysis methodologies, threat actor profiling, and MITRE ATT&CK techniques. 7+ years of experience in SIEM, SOAR, and EDR tools, both open source and commercial. 6+ years of experience in scripting and programming languages (e.g., Python, PowerShell, Go) for automating threat intelligence workflows and building research tools. 5+ years of experience architecting and coding threat intelligence platforms and research environments. 5+ years of experience in engineering solutions for large-scale data analysis, including security logs, product telemetry, and open-source intelligence. 3+ years of experience in producing and presenting high-impact threat research reports and technical briefings to diverse audiences. PREFERRED QUALIFICATIONS Experience leading the development and automation of threat intelligence and research platforms at scale. Subject matter expertise in retail and healthcare threat intelligence, with a focus on coding and research innovation. Advanced experience in dark net intelligence collection, threat actor research, and prototype development for new detection capabilities. Demonstrated ability to produce and present high-impact threat research reports and technical briefings to diverse audiences. Deep familiarity with SIEM, SOAR, and EDR tools, both open source and commercial. Proficiency in applying machine learning techniques to threat research, including experience with model development, feature engineering, and deployment for security analytics and anomaly detection. EDUCATION Bachelor’s degree from accredited university or equivalent work experience (HS diploma + 4 years relevant experience). BUSINESS OVERVIEW Bring your heart to CVS Health Every one of us at CVS Health shares a single, clear purpose: Bringing our heart to every moment of your health. This purpose guides our commitment to deliver enhanced human-centric health care for a rapidly changing world. Anchored in our brand — with heart at its center — our purpose sends a personal message that how we deliver our services is just as important as what we deliver. Our Heart At Work Behaviors™ support this purpose. We want everyone who works at CVS Health to feel empowered by the role they play in transforming our culture and accelerating our ability to innovate and deliver solutions to make health care more