VP, Cyber Intelligence Leader
Synchrony, Stamford, CT, United States
Role Summary/Purpose
The Cyber Intelligence Leader leads Synchrony’s Cyber Threat Intelligence (CTI), Detection Engineering, and Cyber Hunt programs. The role is accountable for translating external and internal threat signals into actionable intelligence, proactive hunts, and measurable detection improvements across the enterprise. The leader partners closely with Synchrony's Joint Security Operations Center (JSOC), Incident Response, Vulnerability Management, and infrastructure/application teams to reduce adversary dwell time and strengthen Synchrony’s cyber defenses. The ideal candidate will possess financial sector cyber intelligence and overall Information Security expertise.
Essential Responsibilities
Define intelligence requirements and collection plans focused on threats relevant to financial services and Synchrony’s environment.
Produce strategic, operational, and tactical intelligence (executive reporting, actor/campaign tracking, TTP and IOC packages).
Translate intelligence into detection content, hunt hypotheses, response playbooks, and prioritized mitigations.
Manage the intelligence lifecycle (collection → analysis → production → dissemination → feedback).
Lead hypothesis-driven hunts mapped to MITRE ATT&CK, focused on high-risk scenarios and validated by available telemetry.
Coordinate hunts across endpoint, network, cloud, identity, and edge/WAF; document repeatable hunt playbooks.
Escalate validated suspicious activity to Incident Response and support containment/remediation as needed.
Convert hunt findings into durable improvements: detections, data onboarding/enrichment, and control remediation.
Lead a detection engineering function responsible for building and maintaining detection content and analytics across the enterprise.
Develop detection standards (naming, severity, testing criteria, evidence requirements, runbooks) and a structured tuning process.
Ensure detections are threat-informed (ATT&CK-mapped), measurable, and aligned to JSOC workflow and triage capacity.
Drive detection validation through purple-team/attack simulation outcomes and real incident lessons learned.
Partner with SOC to improve alert fidelity, reduce noise, and ensure clear escalation criteria and responder guidance.
Maintain a detection backlog and release cadence; ensure change control and documentation for auditability.
Perform other duties and/or special projects as assigned.
Qualifications / Requirements
Bachelor’s degree in computer science or equivalent, and a minimum 5 years of work experience.
8–12+ years of cybersecurity experience with depth in threat intelligence, threat hunting, detection engineering, and/or incident response.
3+ years leading teams and/or enterprise programs with measurable outcomes.
Demonstrated experience building and operationalizing detections within a SIEM/EDR environment and partnering with SOC/IR.
Strong knowledge of adversary tactics and frameworks (MITRE ATT&CK) and applying them to detection coverage.
Proficiency working with security telemetry across endpoint, network, cloud, and edge; strong investigative mindset.
Strong written and verbal communication skills; ability to brief executives and produce clear technical documentation/runbooks.
Ability and flexibility to travel for business as required.
Desired Characteristics
Experience establishing a detection engineering lifecycle (standards, testing, tuning, change control, coverage reporting).
Detection content engineering expertise; familiarity with data models
ormalization and scalable detection design.
Financial services and/or regulated industry experience; audit‑ready documentation and governance mindset.
Certifications (preferred): GIAC (GCTI/GCIA/GCIH/GNFA), CISSP, CCSP, or similar.
Strong technical knowledge of scripting languages and data access methodologies.
Awareness of the latest cyber security trends and developments.
US Government Security Clearance, as a plus.
Grade / Level 14
Compensation The salary range for this position is 170,000.00 – 290,000.00 USD per year and is eligible for an annual bonus based on individual and company performance. Actual compensation within the posted salary range will be based upon work experience, skill level, or knowledge. Salaries are adjusted according to market in CA, NY Metro and Seattle.
Eligibility Requirements
You must be 18 years or older.
You must have a high school diploma or equivalent.
You must be willing to take a drug test, submit to a background investigation and submit fingerprints as part of the onboarding process.
You must be able to satisfy the requirements of Section 19 of the Federal Deposit Insurance Act.
Reasonable Accommodation Notice
Federal law requires employers to provide reasonable accommodation to qualified individuals with disabilities. Please tell us if you require a reasonable accommodation to apply for a job or to perform your job.
If you need special accommodations, please call our Career Support Line at 1‑866‑301‑5627. Representatives are available from 8am to 5pm Monday to Friday, Central Standard Time.
Job Family Group Information Technology
Equal Employment Opportunity Statement All qualified applicants will receive consideration for employment without regard to age, race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.
#J-18808-Ljbffr
Essential Responsibilities
Define intelligence requirements and collection plans focused on threats relevant to financial services and Synchrony’s environment.
Produce strategic, operational, and tactical intelligence (executive reporting, actor/campaign tracking, TTP and IOC packages).
Translate intelligence into detection content, hunt hypotheses, response playbooks, and prioritized mitigations.
Manage the intelligence lifecycle (collection → analysis → production → dissemination → feedback).
Lead hypothesis-driven hunts mapped to MITRE ATT&CK, focused on high-risk scenarios and validated by available telemetry.
Coordinate hunts across endpoint, network, cloud, identity, and edge/WAF; document repeatable hunt playbooks.
Escalate validated suspicious activity to Incident Response and support containment/remediation as needed.
Convert hunt findings into durable improvements: detections, data onboarding/enrichment, and control remediation.
Lead a detection engineering function responsible for building and maintaining detection content and analytics across the enterprise.
Develop detection standards (naming, severity, testing criteria, evidence requirements, runbooks) and a structured tuning process.
Ensure detections are threat-informed (ATT&CK-mapped), measurable, and aligned to JSOC workflow and triage capacity.
Drive detection validation through purple-team/attack simulation outcomes and real incident lessons learned.
Partner with SOC to improve alert fidelity, reduce noise, and ensure clear escalation criteria and responder guidance.
Maintain a detection backlog and release cadence; ensure change control and documentation for auditability.
Perform other duties and/or special projects as assigned.
Qualifications / Requirements
Bachelor’s degree in computer science or equivalent, and a minimum 5 years of work experience.
8–12+ years of cybersecurity experience with depth in threat intelligence, threat hunting, detection engineering, and/or incident response.
3+ years leading teams and/or enterprise programs with measurable outcomes.
Demonstrated experience building and operationalizing detections within a SIEM/EDR environment and partnering with SOC/IR.
Strong knowledge of adversary tactics and frameworks (MITRE ATT&CK) and applying them to detection coverage.
Proficiency working with security telemetry across endpoint, network, cloud, and edge; strong investigative mindset.
Strong written and verbal communication skills; ability to brief executives and produce clear technical documentation/runbooks.
Ability and flexibility to travel for business as required.
Desired Characteristics
Experience establishing a detection engineering lifecycle (standards, testing, tuning, change control, coverage reporting).
Detection content engineering expertise; familiarity with data models
ormalization and scalable detection design.
Financial services and/or regulated industry experience; audit‑ready documentation and governance mindset.
Certifications (preferred): GIAC (GCTI/GCIA/GCIH/GNFA), CISSP, CCSP, or similar.
Strong technical knowledge of scripting languages and data access methodologies.
Awareness of the latest cyber security trends and developments.
US Government Security Clearance, as a plus.
Grade / Level 14
Compensation The salary range for this position is 170,000.00 – 290,000.00 USD per year and is eligible for an annual bonus based on individual and company performance. Actual compensation within the posted salary range will be based upon work experience, skill level, or knowledge. Salaries are adjusted according to market in CA, NY Metro and Seattle.
Eligibility Requirements
You must be 18 years or older.
You must have a high school diploma or equivalent.
You must be willing to take a drug test, submit to a background investigation and submit fingerprints as part of the onboarding process.
You must be able to satisfy the requirements of Section 19 of the Federal Deposit Insurance Act.
Reasonable Accommodation Notice
Federal law requires employers to provide reasonable accommodation to qualified individuals with disabilities. Please tell us if you require a reasonable accommodation to apply for a job or to perform your job.
If you need special accommodations, please call our Career Support Line at 1‑866‑301‑5627. Representatives are available from 8am to 5pm Monday to Friday, Central Standard Time.
Job Family Group Information Technology
Equal Employment Opportunity Statement All qualified applicants will receive consideration for employment without regard to age, race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.
#J-18808-Ljbffr