King & Spalding is a leading global law firm with a commitment to excellence, innovation, and the seamless delivery of legal services. We harness innovative technology and exceptional talent to meet the complex needs of our clients in a fast-paced and dynamic legal landscape.
The Cyber Threat Response Specialist is responsible for proactively identifying, investigating, and responding to advanced cyber threats targeting the organization. This role combines hands-on threat hunting, incident response, and intelligence-driven detection engineering, and calls for experience with impersonation-based attacks impacting digital objects such as phone numbers, domains, and social media accounts.
KEY RESPONSIBILITIES:
Threat Hunting & Detection
Proactively hunt for threat actors using telemetry, threat intelligence, and behavioral indicators across enterprise environments.
Leverage internal and external threat intelligence to develop, refine, and prioritize detection strategies.
Identify and respond to impersonation and brand abuse attacks targeting digital objects, including:
Domains and subdomains
Email identities and infrastructure
Phone numbers and SMS channels
Social media accounts and online platforms
Translate intelligence insights into actionable detections, alerts, and investigative hypotheses.
Incident Response
Lead and support investigations into cybersecurity incidents, including email attacks, account compromise, malware, phishing, spoofing, and other types of cyber-attacks.
Respond to security incidents within Microsoft Security tooling (e.g., Microsoft Defender, Microsoft Sentinel, Microsoft 365 security incidents).
Perform root cause analysis, define scope, execute containment, plan eradication, and complete recovery activities.
Collaborate with SOC, IT, Legal, and other stakeholders during active incidents.
Analyze message headers, sender infrastructure, authentication failures (SPF, DKIM, DMARC), and attacker tradecraft.
DFIR & Malware Analysis
Conduct dynamic and static analysis of suspicious files and links using sandbox environments and DFIR labs.
Analyze malware behavior, persistence mechanisms, command-and-control patterns, and indicators of compromise (IOCs).
Apply DFIR methodologies to endpoint, identity, and cloud-based investigations.
Documentation & Reporting
Produce clear, accurate, and well-structured investigation reports documenting:
Incident timelines and findings
Adversary tactics, techniques, and procedures (TTPs)
Impact assessment and risk implications
Recommended remediation and prevention strategies
Tailor reporting and communication for multiple audiences, including security teams, leadership, and non-technical stakeholders.
QUALIFICATIONS:
Proven and demonstrated experience in cyber threat hunting and incident response within enterprise environments.
Direct experience in responding to Microsoft Security incidents and alerts.
Strong background investigating email-based attacks.
Demonstrated experience using sandbox or DFIR lab environments for malware and artifact analysis.
Solid understanding of attacker tradecraft, threat actor behaviors, and modern attack techniques.
Ability to document and communicate complex technical findings clearly and concisely.
Experience developing or improving detection logic based on threat intelligence.
Familiarity with identity-centric attacks and cloud-based attack surfaces.
Knowledge of MITRE ATT&CK and its application to investigations and reporting.
Prior experience working in a SOC, CSIRT, or dedicated threat response team.
Minimum of 5 years’ experience across all required qualifications.
Analytical thinking and investigative rigor
Strong written and verbal communication skills
Ability to operate effectively during high-pressure incident response scenarios
Attention to detail with a strong sense of operational urgency
Collaboration across technical and non-technical teams
Flexibility and prioritization skills to establish and meet business needs in an organized and timely manner
The firm offers a generous total compensation package with bonuses and raises awarded in recognition of individual merit-based performance. All full-time Business Services employees may participate in King & Spalding’s comprehensive benefit program including health and wellness plan, life and disability insurance, flexible spending accounts and a health savings account, a 401(k) plan, profit sharing plan, and a substantial Paid Time Off (PTO) program.
King & Spalding LLP (K&S) is committed to providing equal employment opportunity to all applicants and employees in full compliance with all state, federal, and local laws prohibiting discrimination on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, genetic information, age, disability or any other status protected by applicable law.
We are proud of our remarkably cohesive culture, which now encompasses more than 2,500 lawyers and business professionals worldwide. We seek to attract and develop the very best talent to work with us.

King & Spalding is an international law firm that represents a broad array of clients, including half of the Fortune Global 100, with 1,300 lawyers in 26 offices in the United States, Europe, the Middle East and Asia. The firm has handled matters in over 160 countries on six continents and consistently earns recognition for the results it obtains, uncompromising commitment to quality, and dedication to understanding the business and culture of its clients. More information is available at www.kslaw.com.