Security Detection & Response Lead
Job in San Jose, Santa Clara County, California, 95110, USA
Listed on 2026-06-12
Listing for: Nubyt Inc
Full Time position
Job specializations: IT/Tech (Cybersecurity, Security Manager, Network Security)
Job Description & How to Apply Below
• Design, implement, validate, tune, and optimize detection rules, correlation logic, dashboards, and alerting use cases.
• Continuously improve detection quality and reduce false positives to strengthen operational efficiency and signal-to-noise ratio.
• Ensure effective log ingestion, parsing, normalization, field extraction, and telemetry coverage across critical systems and infrastructure.
• Support onboarding and integration of new log sources, security tools, and telemetry pipelines into the security monitoring environment.
• Lead investigation and response activities for security incidents across enterprise systems.
• Serve as the technical lead during high-severity incidents, coordinating containment, eradication, recovery, and cross-functional response efforts with IT, cloud, and infrastructure teams.
• Perform advanced analysis to determine incident scope, root cause, impact, and recommended remediation actions.
• Conduct post-incident reviews and drive improvements to detections, playbooks, and response procedures based on lessons learned.
• Lead proactive threat hunting efforts using SIEM, NDR, EDR, CASB, and cloud telemetry to identify advanced or evasive threats.
• Investigate suspicious behaviors including lateral movement, privilege escalation, persistence, and data exfiltration attempts.
• Map detections, investigations, and threat hunting activities to the MITRE ATT&CK framework.
• Mentor and guide SOC analysts and incident responders in threat analysis, investigation techniques, and response workflows.
• Develop, maintain, and improve incident response runbooks, threat models, triage procedures, and detection documentation.
• Track and report on security operations metrics such as MTTD, MTTR, detection coverage, and recurring incident trends.
• Partner with IT, infrastructure, engineering, and vulnerability management teams to prioritize remediation and strengthen overall security posture.
• Collaborate across technical and non-technical teams to ensure rapid, effective response to security incidents and continuous improvement of detection and response capabilities.