This role involves leading complex, high-severity security investigations across endpoint, network, cloud, and identity telemetry while translating evidence into clear containment guidance
Job Summary
This role involves leading complex, high-severity security investigations across endpoint, network, cloud, and identity telemetry while translating evidence into clear containment guidance.
The position offers the opportunity to influence detection engineering and response automation by identifying content gaps and converting operational lessons learned into durable improvements.
Candidates will mentor junior analysts, conduct quality reviews, and contribute to training guides while utilizing AI-driven tools to enhance analyst speed and consistency.
Salary
Base: $95,400 - $192,000; Bonus/Equity: Discretionary bonus based on performance; Benefits: Competitive package including schedule flexibility
Skills & Requirements
Must-have
5+ years SOC or incident response experience
Advanced SIEM/EDR/XDR investigation skills
Root cause analysis and MITRE ATT&CK mapping
Detection content tuning with KQL/SPL/Sigma
SOAR platform automation and workflow optimization
Nice-to-have
AI copilot and LLM prompt engineering experience
Strong written and verbal communication skills
Curious, detail-oriented, proactive defense mindset
Experience with Elastic or Splunk platforms
Scripting languages for automation and enrichment
Key Requirements
Bachelor's degree in Cybersecurity, IT, or related field
5+ years of experience in SOC, detection engineering, or incident response
Demonstrated ability to communicate findings to technical and non-technical stakeholders
Certifications such as GCIH, GCFA, or GCDA preferred
US work authorization required; no sponsorship available