CDW is a leading multi-brand provider of information technology solutions. The Sr. Security Engineer I will act as a lead incident responder, handling advanced investigations and leading proactive threat detection engineering and threat hunting activities to identify emerging threats.
Responsibilities:
- Conduct comprehensive alert investigations by correlating data from multiple sources, including SIEM, EDR, firewalls, DNS, and identity logs. Independently assess potential incidents, applying advanced analytical judgment
- Implement containment measures through EDR and network controls, mitigate lateral movement risks, and provide comprehensive support across all phases of the NIST IR lifecycle with limited supervision
- Ensure comprehensive documentation, accurate timelines, and clear communication are delivered to leadership, Tier 3 personnel, and cross-functional stakeholders during incident management
- Utilize threat intelligence, including IOC enrichment, TTP mapping, and actor profiling, to enhance the context of investigations and increase the accuracy of detection
- Oversee CSOC escalations throughout the shift, mentor Tier 1 analysts, and facilitate effective handoffs during shift transitions
- Leverage AI copilots and agentic automation to accelerate triage, summarize investigations, enrich alerts, and validate findings to reduce manual workload
- Design, optimize, and validate detection logic—including queries, alerts, and correlation rules—across SIEM/XDR platforms; provide recommendations for enhancements informed by recurring patterns identified during investigations
- Assess false positives and suggest tuning strategies based on trends, MITRE ATT&CK mapping, and business context
- Collaborate with CSIRT/TDR leaders to enhance playbooks, SOPs, and automation workflows based on real‑world incidents and data insights
- Employ scripting languages such as Python or PowerShell to automate routine detection tasks, including log parsing and data enrichment, to a high standard of technical proficiency
- Partner with Threat Intelligence to identify relevant TTPs and ensure detection coverage aligns with emerging threats and campaigns
- Apply AI‑assisted detection engineering to generate, test, and optimize detection rules, leveraging generative AI to accelerate logic creation and improve long‑term detection posture
- Conduct proactive, hypothesis‑driven hunts using behavioral analytics, MITRE ATT&CK mapping, and telemetry across endpoints, network, identity, and cloud systems
- Actively participate in and lead portions of purple-team style hunting activities, including identification of gaps and iterative improvement of detection logic and data coverage
- Conduct comprehensive log analysis (including Sysmon, auditd, DNS, proxy, NetFlow, and EDR telemetry) to identify sophisticated attacker activities that may evade alert detection
- Use threat intelligence (campaign tracking, actor profiling, IOC/TTP analysis) to inform hunting hypotheses and identify early indicators of adversary activity
- Document hunting outcomes, provide insights to leadership, and contribute to ongoing capability maturity efforts across the CSIRT and CSOC
- Continuously assess detection coverage across tools, data sources, and threat categories; identify gaps and recommend strategic improvements
- Monitor detection effectiveness using KPIs such as false positive rates, detection latency, incident patterns, and threat campaign applicability
- Collaborate with engineering, CSIRT, and CSOC leadership to ensure telemetry quality, log source onboarding, and alignment with organizational risk priorities
- Maintain oversight of data correlation capabilities and ensure tuning aligns with business context and emerging adversary techniques
- Drive continuous improvement of detection and response processes, leveraging expertise to influence cross‑team strategy and operational outcomes
- Use AI‑driven posture assessment (e.g., AI gap analysis, AI‑generated coverage maps) to optimize detection quality and automate recurring posture evaluations
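The correlation, enrichment and ATT&CK-mapping work described in the responsibilities above, as an added example that is not CDW's code: a small Python detection that normalises constructed DNS, EDR and identity records, fires when an Office application spawns encoded PowerShell and the same host then resolves a domain from a constructed IOC list within ten minutes, and enriches the finding with the last successful sign-in, the IOC context and technique IDs. The hostnames, log schemas, IOC domain and actor name are all made up for the illustration; no real product's field names are implied.

```python
"""Correlate DNS, EDR and identity telemetry into one enriched finding (added example)."""
import json
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Constructed sample telemetry as JSON lines, one "source" per record.
# Field names differ by source on purpose: normalising them is the first job.
SAMPLE_LOGS = r"""
{"source":"identity","time":"2024-05-01T13:58:10Z","user":"jdoe","host":"WS-114","result":"success","ip":"203.0.113.45"}
{"source":"edr","time":"2024-05-01T14:00:05Z","hostname":"WS-114","user":"jdoe","parent":"WINWORD.EXE","image":"powershell.exe","cmdline":"powershell.exe -nop -w hidden -enc SQBFAFgA"}
{"source":"dns","time":"2024-05-01T14:00:09Z","client":"WS-114","query":"update.cdn-metrics.example","rcode":"NOERROR"}
{"source":"edr","time":"2024-05-01T14:05:00Z","hostname":"WS-207","user":"svc_patch","parent":"services.exe","image":"powershell.exe","cmdline":"powershell.exe -File C:\\Scripts\\patch.ps1"}
{"source":"dns","time":"2024-05-01T14:05:02Z","client":"WS-207","query":"wsus.corp.example","rcode":"NOERROR"}
{"source":"edr","time":"2024-05-01T14:30:00Z","hostname":"WS-301","user":"asmith","parent":"EXCEL.EXE","image":"powershell.exe","cmdline":"powershell.exe -enc ZQBjAGgAbwA"}
{"source":"dns","time":"2024-05-01T15:10:00Z","client":"WS-301","query":"update.cdn-metrics.example","rcode":"NOERROR"}
"""

# Constructed IOC feed standing in for a TIP export; the actor name is hypothetical.
IOC_DOMAINS: Dict[str, Dict[str, str]] = {
    "update.cdn-metrics.example": {"actor": "hypothetical-actor-1", "confidence": "high"},
}

OFFICE_PARENTS = {"WINWORD.EXE", "EXCEL.EXE", "POWERPNT.EXE", "OUTLOOK.EXE"}
WINDOW = timedelta(minutes=10)  # how long after execution a C2 lookup still counts


@dataclass
class Event:
    ts: datetime
    source: str
    host: str
    user: Optional[str]
    data: dict


def parse_line(line: str) -> Event:
    """Normalise one record: UTC timestamp, upper-case host, source-specific fields kept in data."""
    rec = json.loads(line)
    ts = datetime.fromisoformat(rec["time"].replace("Z", "+00:00"))
    host = rec.get("hostname") or rec.get("client") or rec.get("host") or ""
    return Event(ts, rec["source"], host.upper(), rec.get("user"), rec)


def parse_logs(text: str) -> List[Event]:
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def is_office_spawned_encoded_powershell(ev: Event) -> bool:
    """Trigger: an Office process launching PowerShell with an encoded command
    (ATT&CK T1204.002 User Execution: Malicious File, T1059.001 PowerShell)."""
    if ev.source != "edr":
        return False
    cmd = ev.data.get("cmdline", "").lower()
    return (ev.data.get("parent", "").upper() in OFFICE_PARENTS
            and ev.data.get("image", "").lower() == "powershell.exe"
            and ("-enc" in cmd or "-encodedcommand" in cmd))


def correlate(events: List[Event], ioc=IOC_DOMAINS, window: timedelta = WINDOW) -> List[dict]:
    """Per host: trigger followed within `window` by a DNS query for an IOC domain.
    The execution event alone is tuned out; the IOC lookup is what escalates it."""
    by_host: Dict[str, List[Event]] = {}
    for ev in sorted(events, key=lambda e: e.ts):
        by_host.setdefault(ev.host, []).append(ev)

    findings = []
    for host, evs in by_host.items():
        for trig in filter(is_office_spawned_encoded_powershell, evs):
            c2 = [e for e in evs if e.source == "dns"
                  and trig.ts <= e.ts <= trig.ts + window and e.data.get("query") in ioc]
            if not c2:
                continue
            # Enrichment: last successful sign-in by the same user on this host before execution.
            sign_ins = [e for e in evs if e.source == "identity" and e.ts <= trig.ts
                        and e.data.get("result") == "success" and e.user == trig.user]
            last = sign_ins[-1] if sign_ins else None
            hit = ioc[c2[0].data["query"]]
            timeline = [(last.ts.isoformat(), "identity",
                         f"{last.user} signed in from {last.data['ip']}")] if last else []
            timeline.append((trig.ts.isoformat(), "edr",
                             f"{trig.data['parent']} -> {trig.data['image']} {trig.data['cmdline']}"))
            timeline.extend((e.ts.isoformat(), "dns", f"query {e.data['query']}") for e in c2)
            findings.append({
                "host": host,
                "user": trig.user,
                "sign_in_ip": last.data["ip"] if last else None,
                "techniques": ["T1204.002", "T1059.001", "T1071"],
                "ioc": {"domain": c2[0].data["query"], **hit},
                "severity": "high" if hit["confidence"] == "high" else "medium",
                "timeline": timeline,  # ordered evidence for the incident write-up
            })
    return findings


def run_detection() -> List[dict]:
    return correlate(parse_logs(SAMPLE_LOGS))


if __name__ == "__main__":
    for finding in run_detection():
        print(json.dumps(finding, indent=2))
```

On the constructed data only WS-114 produces a finding: WS-207 runs PowerShell from services.exe (a scheduled maintenance job, not an Office parent), and WS-301 resolves the IOC domain 40 minutes after execution, outside the 10-minute window. Widening the window is the tuning knob that trades detection latency for false positives; the timeline field is what goes into the incident record.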
Requirements:
- Bachelor's degree and 5 years of Threat Detection and Incident Response experience, OR
- 9 years of IT experience, of which 5 years should be in Threat Detection and Incident Response
- Demonstrated experience with threat intelligence platforms, SIEM, and other cybersecurity tools and technologies such as the following: Microsoft Defender, CrowdStrike XDR, Palo Alto XSIAM, Microsoft Sentinel, Microsoft Azure Active Directory (now Microsoft Entra ID), Splunk
- Demonstrated experience and understanding of threat hunting techniques, including the use of EDR tools, network traffic analysis, and other techniques
- Experience with the MITRE ATT&CK framework and techniques
- Excellent verbal and written communication skills, with the ability to effectively interact with all coworkers and stakeholders
- Strong analytical and problem-solving skills, with the ability to think strategically and creatively
- Ability to prioritize work and handle multiple tasks simultaneously in a fast-paced, diverse, and growth-oriented environment
- Current and relevant cybersecurity certifications such as the following are a plus: GIAC Incident Handler (GCIH), GIAC Certified Forensic Analyst (GCFA), relevant Microsoft Azure certifications