Threat Detection & Response Analyst

San Jose, CA, US • Posted 8 days ago • Updated 6 days ago
Contract W2
Occasional Travel Required
On-site
Depends on Experience

Job Details

Skills

  • Netskope
  • Splunk
  • SIEM
  • SOC
  • NOC
  • Security

Summary

Job Title: "Threat Detection & Response Analyst"

Location: San Jose, CA (Onsite)

Duration: Long Term

Must Haves:

1) 1+ years of hands-on experience with enterprise security tools such as Netskope and Splunk.

2) 3-10 years of total experience overall.

Description:

  • Monitor, triage, and investigate security alerts and events across enterprise environments using Splunk SIEM, EDR, network, cloud, and endpoint telemetry.
  • Analyze security event logs from diverse sources including firewalls, IDS/IPS, endpoint protection platforms, operating systems, and cloud services to identify malicious activity.
  • Perform initial and advanced analysis of security incidents, determine scope and impact, identify root cause, and recommend containment and remediation actions.
  • Escalate confirmed incidents appropriately and support end-to-end incident response activities, including coordination with IT, cloud, and infrastructure teams.
  • Design, validate, tune, and optimize detection logic, correlation rules, dashboards, and alerting use cases to improve signal-to-noise ratio and operational efficiency.
  • Ensure log ingestion health, completeness, and fidelity across critical infrastructure and enterprise systems.
  • Support onboarding and integration of new log sources into the Splunk environment, including validation of parsing, normalization, and field extraction.
  • Conduct proactive threat hunting using SIEM, EDR, CASB, and cloud telemetry to identify advanced or evasive threats that bypass automated detections.
  • Monitor network traffic and behavioral indicators to detect anomalies, lateral movement, privilege abuse, and data exfiltration attempts.
  • Prioritize vulnerabilities and remediation efforts based on threat context, asset criticality, and business impact.
  • Partner with IT and infrastructure teams to track remediation, validate fixes, and reduce recurring risk.
  • Continuously improve detection coverage, response playbooks, and SOC workflows based on incident learnings and emerging threats.
  • Maintain accurate documentation for detection use cases, log flows, triage procedures, threat models, and operational standards.
  • Collaborate closely with cross-functional security and IT teams to ensure rapid, effective response to security incidents.

Requirements:

  • Bachelor's degree in Computer Science, Information Security, or a related field; Master's degree preferred.
  • 5+ years of experience in a SOC, threat detection, or incident response role with hands-on experience.
  • Strong expertise in threat analysis, incident investigation, and response workflows.
  • Solid understanding of enterprise log sources including Windows/Linux servers, network devices, endpoints, and cloud platforms.
  • Experience triaging and investigating alerts in complex, multi-platform environments.
  • Familiarity with cloud environments such as AWS, Azure, or similar, including cloud-native logging and security services.
  • Knowledge of detection engineering, correlation logic, MITRE ATT&CK techniques, and SOC operational best practices.
  • Ability to communicate findings clearly and collaborate effectively across technical and non-technical teams.
  • Comfortable operating in diverse, global environments with strong adaptability and professionalism.
  • Curious, resilient, and data-driven mindset with a passion for continuous learning and threat research.
  • Relevant certifications such as CompTIA Security+, CISSP, Pentest+, or similar are a plus.

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.

  • Dice Id: xorca001
  • Position Id: 8895125
  • Posted 8 days ago

Company Info

About Xoriant Corporation

Xoriant is a Sunnyvale, CA headquartered digital engineering firm with offices in the USA, Europe, and Asia. From Tech Startups to Fortune 100 Enterprises, we enable innovation, accelerate time to market, and ensure client competitiveness across industries. Across all our focus areas – platform engineering, cloud, data & AI, and Security – every solution we develop benefits from our product engineering DNA and culture of innovation. It also includes successful methodologies, framework components, and accelerators for rapidly solving critical client challenges. For 30 years and counting, we have taken great pride in the long-lasting, deep relationships we have with our clients.

For further information about Xoriant, please visit our website.
