Threat Emulation Engineer IV

Team OverviewA Threat Emulation Engineer is an introductory role to Red Teams focused on developing foundational skills in adversary tradecraft replication and assessment execution. Engineers at this level work within clearly defined scope and are supported through structured review, feedback, and mentorship. The role is designed as an entry point into Threat Emulation for individuals with experience in related technical fields. No prior Red Team or offensive security experience is required.What You Will DoThe primary focus of the position is Threat Detection Assessments (TDAs). These are collaborative engagements where the team tests whether the organization's defenses can identify specific adversary techniques. Engineers research how adversaries carry out specific techniques, then build and run tests that replicate those techniques in a controlled environment. They document what they built, how they ran it, and what the organization's defenses did in response.Day‑to‑day work includes reading technical research on adversary techniques, reproducing those techniques in a test environment, writing the tools or scripts needed to run each test, executing tests alongside partner teams, and documenting the results. Engineers own the quality of their work products. All work is reviewed by senior engineers before use, but the author is responsible for iterating and improving based on that feedback.Engineers also shadow and support the team's other services under senior guidance. Threat Response Exercises (TRXs) are collaborative engagements where partner teams rehearse incident response. Threat Emulation Operations (TEOs) are unannounced campaigns that test the organization's overall readiness. Exposure to both builds the context needed for advancement.How You Will GrowGrowth at the level is structured around mentorship and increasing independence. Senior engineers define scope, assign work, and provide feedback. Over time, engineers take on broader assignments and work more independently as their skills develop.Review is treated as a learning mechanism rather than a gatekeeping process. Senior engineers identify strengths and areas for growth, and build on those strengths while developing in weaker areas. The goal is to develop an adversary mindset, meaning the ability to think about systems from an attacker's perspective and apply that thinking to realistic test scenarios.Advancement is based on demonstrated capability, not time in grade. The signals that define readiness include the ability to independently research and replicate adversary techniques, clearly document findings, and represent the team to partner functions with confidence. Performance is measured by growth toward these capabilities rather than output volume.CollaborationThe Threat Emulation team works closely with Threat Intelligence, Threat Response, and Threat Detection as part of an integrated threat management model. Engineers interact with these partner teams during assessments and exercises, explaining what they tested and coordinating during execution.Engineers are expected to present their work to peers and partner teams, ask questions when concepts are unclear, and respond constructively to feedback. They are not expected to drive cross‑team processes independently. When coordination needs go beyond explanation or learning, engineers are escalated to more experienced team members.What Experience You'll NeedFormal education in computer science, engineering, information security, or a related technical field may be helpful, but is not required. Equivalent experience gained through professional work, independent study, home lab environments, research projects, or other hands‑on technical learning is equally valued.7 years of experience in security operations, IT, systems administration, software engineering, penetration testing, academic study, self‑directed learning, or other technical backgrounds.Operating system fundamentals, such as process execution, authentication, privilege models, and system events.Basic networking concepts, including common protocols and client‑server interactions.Familiarity with scripting or programming in at least one language.Exposure to command‑line tools and system administration tasks.Understanding of basic security concepts, including access control, logging, and common attack patterns.Candidates should demonstrate the ability to learn independently and engage with unfamiliar technical material. This includes:Reading and understanding technical documentation, research write‑ups, or adversary tradecraft reports.Reproducing described behavior in a lab or test environment.Documenting findings clearly in writing, with attention to technical detail and accuracy.Experience producing written technical material is a strong signal. This can include reports, documentation, blogs, capture‑the‑flag write‑ups, or project notes. Interest in adversary tradecraft, capture‑the‑flag competitions, Hack The Box, or similar platforms is a positive indicator.Candidates should be comfortable explaining technical concepts to others and engaging in constructive discussion. This includes:Asking questions when concepts are unclear.Accepting feedback and incorporating it into subsequent work.Explaining their approach and findings, both in writing and verbally.Prior experience working in team‑based technical environments is beneficial but not required.Candidates that live within a commutable distance from our Tempe, AZ and St. Louis, MO home office locations are expected to work in the office four days per week.BenefitsEdward Jones' compensation and benefits package includes medical and prescription drug, dental, vision, voluntary benefits (such as accident, hospital indemnity, and critical illness), short‑ and long‑term disability, basic life, and basic AD&D coverage. Short‑ and long‑term disability, basic life, and basic AD&D coverage are provided at no cost to associates. Edward Jones offers a 401k retirement plan, and tax‑advantaged accounts: health savings account, and flexible spending account. Edward Jones observes ten paid holidays and provides 15 days of vacation for new associates beginning on January 1 of each year, as well as sick time, personal days, and a paid day for volunteerism. Associates may be eligible for bonuses and profit sharing. All associates are eligible for the firm's Employee Assistance Program.Equal Employment OpportunityEdward Jones does not discriminate on the basis of race, color, gender, religion, national origin, age, disability, sexual orientation, pregnancy, veteran status, genetic information or any other basis prohibited by applicable law.#J-18808-Ljbffr

Government Careers

Show more