
Security Detection & Response Lead

Saige Partners
San Jose, CA Contractor
POSTED ON 5/1/2026
AVAILABLE BEFORE 5/31/2026

NO Third Parties / NO C2C / NO H1B Visas

What You’ll Do

• Lead enterprise-wide security monitoring and threat detection across SIEM, EDR, network, endpoint, and cloud security platforms.

• Design, implement, validate, tune, and optimize detection rules, correlation logic, dashboards, and alerting use cases.

• Continuously improve detection quality and reduce false positives to strengthen operational efficiency and signal-to-noise ratio.

• Ensure effective log ingestion, parsing, normalization, field extraction, and telemetry coverage across critical systems and infrastructure.

• Support onboarding and integration of new log sources, security tools, and telemetry pipelines into the security monitoring environment.

• Lead investigation and response activities for security incidents across enterprise systems.

• Serve as the technical lead during high-severity incidents, coordinating containment, eradication, recovery, and cross-functional response efforts with IT, cloud, and infrastructure teams.

• Perform advanced analysis to determine incident scope, root cause, impact, and recommended remediation actions.

• Conduct post-incident reviews and drive improvements to detections, playbooks, and response procedures based on lessons learned.

• Lead proactive threat hunting efforts using SIEM, NDR, EDR, CASB, and cloud telemetry to identify advanced or evasive threats.

• Investigate suspicious behaviors including lateral movement, privilege escalation, persistence, and data exfiltration attempts.

• Map detections, investigations, and threat hunting activities to the MITRE ATT&CK framework.

• Mentor and guide SOC analysts and incident responders in threat analysis, investigation techniques, and response workflows.

• Develop, maintain, and improve incident response runbooks, threat models, triage procedures, and detection documentation.

• Track and report on security operations metrics such as MTTD, MTTR, detection coverage, and recurring incident trends.

• Partner with IT, infrastructure, engineering, and vulnerability management teams to prioritize remediation and strengthen overall security posture.

• Collaborate across technical and non-technical teams to ensure rapid, effective response to security incidents and continuous improvement of detection and response capabilities.


Requirements

Security tools desired: CrowdStrike, Splunk, Darktrace, CASB

• Bachelor’s degree in Computer Science, Cybersecurity, Information Security, or a related field; Master’s degree preferred.

• 6-8 years of experience in security operations, threat detection, incident response, or related cybersecurity roles.

• Hands-on experience with SIEM platforms such as Splunk, including rule creation, correlation logic, dashboarding, and log analysis.

• Strong experience investigating alerts and incidents across endpoint, network, operating system, and cloud environments.

• Deep understanding of incident response methodologies, threat investigation workflows, and root cause analysis.

• Solid knowledge of enterprise log sources including Windows/Linux servers, firewalls, IDS/IPS, endpoints, and cloud-native services.

• Strong knowledge of detection engineering, MITRE ATT&CK techniques, adversary behaviors, and threat hunting methodologies.

• Experience with cloud environments such as AWS, Azure, or similar, including security monitoring and logging services.

• Familiarity with SOAR, automation, or orchestration tools is a plus.

• Strong analytical, problem-solving, and decision-making skills in fast-paced operational environments.

• Excellent written and verbal communication skills, with the ability to clearly present findings to both technical and non-technical stakeholders.

• Ability to lead incident response efforts, mentor team members, and collaborate effectively across diverse global teams.

• Relevant certifications such as CISSP, GCIH, GCIA, Security+, Splunk Security certifications, or comparable credentials are a plus.

Salary: $65 - $90
