Lead complex security investigations involving ransomware, phishing, business email compromise (BEC), insider threats, credential theft, privilege escalation, lateral movement, cloud attacks, and advanced persistent threats (APTs).
Serve as the technical escalation point for Tier I and Tier II Security Analysts, providing mentorship, coaching, and guidance during high-priority incidents.
Perform advanced incident detection, triage, containment, eradication, recovery, and root cause analysis across endpoint, network, cloud, and identity environments.
Monitor, investigate, and respond to security alerts using SIEM, EDR/XDR, SOAR, and threat intelligence platforms.
Conduct proactive threat hunting using the MITRE ATT&CK Framework, Indicators of Compromise (IOCs), Indicators of Attack (IOAs), and behavioral analytics.
Develop and optimize detection rules, correlation searches, dashboards, and automated response playbooks to improve detection accuracy and reduce false positives.
Analyze security telemetry across Windows, Linux, Active Directory, Microsoft Entra ID, Microsoft 365, Azure, AWS, and network infrastructure.
Utilize enterprise security tools including Microsoft Sentinel, Splunk Enterprise Security, IBM QRadar, Elastic Security, CrowdStrike Falcon, Microsoft Defender for Endpoint, SentinelOne, Cortex XDR, VMware Carbon Black, Microsoft Defender XDR, CyberArk, SailPoint, Okta, and Microsoft Entra ID.
Investigate endpoint, identity, cloud, email, and network-based attacks using forensic data and security logs.
Partner with Detection Engineering, Threat Intelligence, Security Engineering, and Customer Success teams to continuously improve MDR capabilities.
Requirements
6–10+ years of experience in Security Operations Center (SOC), Managed Detection & Response (MDR), Incident Response, Threat Hunting, and Cyber Defense.
Experience serving as a technical lead and mentoring Tier I and Tier II Security Analysts.
Deep understanding of the MITRE ATT&CK Framework, Cyber Kill Chain, and the Incident Response lifecycle.
Strong knowledge of Windows internals, Active Directory, Microsoft Entra ID, and enterprise authentication.
Solid understanding of network protocols including DNS, HTTP/S, SMB, LDAP, Kerberos, and TCP/IP.
Experience investigating sophisticated endpoint, cloud, identity, and network-based cyber threats.
Hands-on experience with SIEM, EDR/XDR, SOAR, and threat intelligence platforms.
Strong analytical, troubleshooting, and problem-solving skills with the ability to lead complex investigations.
Ability to analyze indicators of compromise (IOCs), attacker tactics, techniques, and procedures (TTPs), and provide actionable remediation recommendations.
Excellent written and verbal communication skills, including the ability to communicate technical findings to both technical and non-technical stakeholders.