Bachelor’s degree in Computer Science, Cybersecurity, Information Security, or a related field; Master’s degree preferred.
• 6-8 years of experience in security operations, threat detection, incident response, or related cybersecurity roles.
• Hands-on experience with SIEM platforms such as Splunk, including rule creation, correlation logic, dashboarding, and log analysis.
• Strong experience investigating alerts and incidents across endpoint, network, operating system, and cloud environments.
• Deep understanding of incident response methodologies, threat investigation workflows, and root cause analysis.
• Solid knowledge of enterprise log sources including Windows/Linux servers, firewalls, IDS/IPS, endpoints, and cloud-native services.
• Strong knowledge of detection engineering, MITRE ATT&CK techniques, adversary behaviors, and threat hunting methodologies.
• Experience with cloud environments such as AWS, Azure, or similar, including security monitoring and logging services.
• Familiarity with SOAR, automation, or orchestration tools is a plus.
• Strong analytical, problem-solving, and decision-making skills in fast-paced operational environments.
• Excellent written and verbal communication skills, with the ability to clearly present findings to both technical and non-technical stakeholders.
• Ability to lead incident response efforts, mentor team members, and collaborate effectively across diverse global teams.
• Relevant certifications such as CISSP, GCIH, GCIA, Security+, Splunk Security certifications, or comparable credentials are a plus.
Description
Lead enterprise-wide security monitoring and threat detection across SIEM, EDR, network, endpoint, and cloud security platforms.
• Design, implement, validate, tune, and optimize detection rules, correlation logic, dashboards, and alerting use cases.
• Continuously improve detection quality and reduce false positives to strengthen operational efficiency and signal-to-noise ratio.
• Ensure effective log ingestion, parsing, normalization, field extraction, and telemetry coverage across critical systems and infrastructure.
• Support onboarding and integration of new log sources, security tools, and telemetry pipelines into the security monitoring environment.
• Lead investigation and response activities for security incidents across enterprise systems.
• Serve as the technical lead during high-severity incidents, coordinating containment, eradication, recovery, and cross-functional response efforts with IT, cloud, and infrastructure teams.
• Perform advanced analysis to determine incident scope, root cause, impact, and recommended remediation actions.
• Conduct post-incident reviews and drive improvements to detections, playbooks, and response procedures based on lessons learned.
• Lead proactive threat hunting efforts using SIEM, NDR, EDR, CASB, and cloud telemetry to identify advanced or evasive threats.
• Investigate suspicious behaviors including lateral movement, privilege escalation, persistence, and data exfiltration attempts.
• Map detections, investigations, and threat hunting activities to the MITRE ATT&CK framework.
• Mentor and guide SOC analysts and incident responders in threat analysis, investigation techniques, and response workflows.
• Develop, maintain, and improve incident response runbooks, threat models, triage procedures, and detection documentation.
• Track and report on security operations metrics such as MTTD, MTTR, detection coverage, and recurring incident trends.
• Partner with IT, infrastructure, engineering, and vulnerability management teams to prioritize remediation and strengthen overall security posture.
• Collaborate across technical and non-technical teams to ensure rapid, effective response to security incidents and continuous improvement of detection and response capabilities.