Threat Detection & Incident Reponse

**NO 3rd Parties or Sponsorship!

Duration: 6 months+ extension

Location: Remote

Threat Detection & Incident Response (TDIR) Analyst – Senior

We are seeking an experienced Threat Detection & Incident Response (TDIR) Analyst to join our global cybersecurity team. This is a hands-on senior-level role, not a Tier 1 SOC position.

The ideal candidate is a confident technical leader who can own high-severity incidents end-to-end, make sound decisions under pressure, and continuously improve detection and response capabilities across the enterprise.

In this role, you will:

• Lead response efforts during high-severity security incidents
• Take clear ownership and make informed decisions under pressure
• Build and enhance detection capabilities—not just monitor alerts
• Collaborate effectively across security and enterprise teams
• Continuously improve detection coverage, response speed, and operational maturity

ey Responsibilities

Incident Response & Command

• Lead and support incident response across the full lifecycle: detection, containment, eradication, recovery, and post‑incident review
• Serve as incident commander during high‑severity events by:
• Driving clear response plans
• Assigning tasks and ownership
• Maintaining operational momentum
• Escalating with accuracy, context, and sound judgment
• Participate in an on‑call rotation, including weekends and holidays, as required

Threat Detection & Engineering

• Conduct proactive threat hunting and detection engineering using EDR platforms (CrowdStrike preferred)
• Develop, tune, and maintain Splunk SPL queries, dashboards, and alerts
• Apply hypothesis‑driven research techniques to expand detection coverage and reduce adversary dwell time

Collaboration & Continuous Improvement

• Partner with threat intelligence teams to convert intelligence into actionable detections
• Contribute to automation, tooling enhancements, and workflow optimization
• Support cross‑functional security initiatives and enterprise‑wide cybersecurity projects

Required Qualifications

• Demonstrated experience leading high‑severity security incidents
• Strong sense of ownership, accountability, and prioritization
• Minimum five (5) years of hands‑on experience in Security Operations, Incident Response, or equivalent enterprise SOC environments
• Advanced proficiency with Splunk, including:
• SPL development
• Dashboards and alerts
• Investigations and threat hunting
• Ability to operate effectively in fast‑paced, high-volume, enterprise‑scale environments

Preferred Qualifications

• Experience with EDR platforms (CrowdStrike preferred)
• Threat hunting and detection engineering experience
• Familiarity with the threat intelligence lifecycle and analytical frameworks (e.g., Diamond Model)
• Hypothesis‑driven detection or automation development experience
• Working knowledge of network protocols and infrastructure (CCNA certification is a plus)
• Relevant certifications (preferred, not required):
• GCIH, GCIA, GCFA, GMON, GNFA, OSCP, CCFA