Job Description

• Lead and support incident response activities across the full lifecycle: detection, containment, eradication, recovery, and post-incident documentation.
• Serve as incident commander during high-severity security events by driving response plans, assigning ownership and tasks, and maintaining operational tempo.
• Conduct proactive threat hunting and detection engineering using EDR platforms, preferably CrowdStrike.
• Develop, tune, and maintain Splunk SPL queries, dashboards, and alerts to support detection and investigation workflows.
• Collaborate closely with threat intelligence teams to translate intelligence into actionable detections.
• Support cross-functional security initiatives and contribute to automation, tooling improvements, and workflow optimization.

• Must reside in one of the following states: Alabama, California, Georgia, Indiana, Kentucky, Michigan, Missouri, Ohio, North Carolina, Pennsylvania, South Carolina, Tennessee, Texas, Florida, Washington.
• Participate in an on-call rotation, including weekends and holidays, as required.

• 5–10 years of hands-on experience in Security Operations, Incident Response, or equivalent SOC environments.
• Advanced proficiency with Splunk, including SPL development, dashboards, investigations, and threat hunting.
• Relevant certifications are a plus: GCIH, GCIA, GCFA, GMON, GNFA, OSCP, CCFA.

• Benefits are available to full-time employees after 90 days of employment.
• A 401(k) with company match is available after 1 year of service.
• This is an AI-formatted job description; recruiter confirmation required.

Job Tags

Similar Jobs