Senior Threat Hunting Engineer
Instacart
San Francisco, California
Posted 2 weeks ago
remote
Qualifications
Required Certifications
- GCFA
- GCFE
- GNFA
- GREM
- OSCP
- GCIA
Responsibilities
Primary Duties
- Design and execute hypothesis-driven threat hunting campaigns across cloud infrastructure, applications, and endpoints
- Identify anomalous behaviors, TTPs (Tactics, Techniques, and Procedures), and indicators of compromise (IOCs)
- Hunt for advanced persistent threats (APTs), insider threats, and supply chain compromises
- Develop custom detection logic and hunting queries (KQL, SPL, SQL) for SIEM and EDR platforms
- Continuously improve hunting methodologies based on emerging threat intelligence
- Conduct comprehensive cyber forensic investigations across Linux, Windows, macOS, containers, and cloud environments
- Perform memory forensics, disk analysis, network traffic analysis, and log correlation
- Preserve and analyze digital evidence following chain-of-custody procedures
- Determine root cause, attack vectors, and lateral movement paths
Experience Requirements
Required
6+ years in cybersecurity with 4+ years focused on threat hunting, incident response, or digital forensics
6 years of experience
Required Skills
Technical Skills
- cybersecurity
- threat hunting
- incident response
- digital forensics
- cloud environments
- e-commerce security
- payment systems security
- mobile app security
Full Job Description
Join Instacart's Incident Response organization as a Senior Threat Hunting Engineer, where you'll proactively hunt for threats across our complex infrastructure, conduct deep-dive forensic investigations, and build comprehensive attack timelines. This role requires an expert-level practitioner who can identify sophisticated adversaries, analyze attack patterns, and provide critical intelligence to protect our platform and users.
You will work closely with Engineering, Detection, Red Team, Fraud, Trust & Safety, and Legal to ensure Instacart understands its threat landscape and can rapidly respond to malicious activity.
Instacart's Security team protects our products, infrastructure, and ecosystem. We combine strong technical expertise, data-driven insights, and a proactive approach to keep our platform safe. Our threat hunting function provides strategic, operational, and tactical intelligence to support decision-making and improve detection, response, and resilience.
About the Job
Proactive Threat Hunting
- Design and execute hypothesis-driven threat hunting campaigns across cloud infrastructure, applications, and endpoints
- Identify anomalous behaviors, TTPs (Tactics, Techniques, and Procedures), and indicators of compromise (IOCs)
- Hunt for advanced persistent threats (APTs), insider threats, and supply chain compromises
- Develop custom detection logic and hunting queries (KQL, SPL, SQL) for SIEM and EDR platforms
- Continuously improve hunting methodologies based on emerging threat intelligence
Incident Response & Forensics
- Conduct comprehensive cyber forensic investigations across Linux, Windows, macOS, containers, and cloud environments
- Perform memory forensics, disk analysis, network traffic analysis, and log correlation
- Preserve and analyze digital evidence following chain-of-custody procedures
- Determine root cause, attack vectors, and lateral movement paths
About You
Minimum Qualifications
- 6+ years in cybersecurity with 4+ years focused on threat hunting, incident response, or digital forensics
- Relevant certifications: GCFA, GCFE, GNFA, GREM, OSCP, GCIA, or similar
- Hands-on experience with major security incidents and breach investigations
- Deep understanding of attacker TTPs across the cyber kill chain
- Experience in high-scale cloud environments (AWS, GCP, or Azure)
- Understanding of e-commerce, payment systems, and mobile app security
Preferred Qualifications
- Background in offensive security or red teaming
- Experience with SOAR platforms and security automation
- Knowledge of machine learning for threat detection
Instacart provides highly market-competitive compensation and benefits in each location where our employees work. This role is remote and the base pay range for a successful candidate is dependent on their permanent work location. Offers may vary based on many factors, such as candidate experience and skills required for the role. Additionally, this role is eligible for a new hire equity grant as well as annual refresh grants.





