
This position requires - Clear Background, Drug Test, and Education Check.
Must be authorized to work in the US for any employer without Sponsorship.
(Principal Only! No Corp to Corp)
---------------------------------------------------------------------------------------------------------------------

Position Title: 547336-Security Detection & Response Lead
Location: San Jose, CA

Pay Rate: $85-$90

Contract Duration: 5 months

Responsibilities:

• Lead enterprise-wide security monitoring and threat detection across SIEM, EDR, network, endpoint, and cloud security platforms.

• Design, implement, validate, tune, and optimize detection rules, correlation logic, dashboards, and alerting use cases.

• Continuously improve detection quality and reduce false positives to strengthen operational efficiency and signal-to-noise ratio.

• Ensure effective log ingestion, parsing, normalization, field extraction, and telemetry coverage across critical systems and infrastructure.

• Support onboarding and integration of new log sources, security tools, and telemetry pipelines into the security monitoring environment.

• Lead investigation and response activities for security incidents across enterprise systems.

• Serve as the technical lead during high-severity incidents, coordinating containment, eradication, recovery, and cross-functional response efforts with IT, cloud, and infrastructure teams.

• Perform advanced analysis to determine incident scope, root cause, impact, and recommended remediation actions.

• Conduct post-incident reviews and drive improvements to detections, playbooks, and response procedures based on lessons learned.

• Lead proactive threat hunting efforts using SIEM, NDR, EDR, CASB, and cloud telemetry to identify advanced or evasive threats.

• Investigate suspicious behaviors including lateral movement, privilege escalation, persistence, and data exfiltration attempts.

• Map detections, investigations, and threat hunting activities to the MITRE ATT&CK framework.

• Mentor and guide SOC analysts and incident responders in threat analysis, investigation techniques, and response workflows.

• Develop, maintain, and improve incident response runbooks, threat models, triage procedures, and detection documentation.

• Track and report on security operations metrics such as MTTD, MTTR, detection coverage, and recurring incident trends.

• Partner with IT, infrastructure, engineering, and vulnerability management teams to prioritize remediation and strengthen overall security posture.

• Collaborate across technical and non-technical teams to ensure rapid, effective response to security incidents and continuous improvement of detection and response capabilities.
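As an added illustration of what the detection-engineering bullets above mean in practice (this is example code written for this page, not tooling from the employer or the posting), the block below normalizes two constructed log formats (Linux sshd and simplified Windows logon events) into common fields, runs a correlation rule for repeated failed logons followed by a success from the same source, tags the alert with ATT&CK T1110, suppresses a hypothetical authorized scanner to cut a known false positive, counts lines no parser handled as a telemetry-coverage gap, and reports a per-rule MTTD. All log lines, IP addresses and the allowlist are constructed.

```python
"""Added example of a minimal detection pipeline: normalize, correlate,
tune, map to ATT&CK, measure. Illustrative only; sample data is constructed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry: sshd lines plus simplified Windows logon
# events (4625 = failed logon, 4624 = successful logon).
SAMPLE_LOGS = [
    "2026-03-16T10:00:01Z sshd[2201]: Failed password for root from 203.0.113.7 port 51000 ssh2",
    "2026-03-16T10:00:03Z sshd[2201]: Failed password for root from 203.0.113.7 port 51001 ssh2",
    "2026-03-16T10:00:05Z sshd[2201]: Failed password for root from 203.0.113.7 port 51002 ssh2",
    "2026-03-16T10:00:09Z sshd[2201]: Accepted password for root from 203.0.113.7 port 51003 ssh2",
    "2026-03-16T10:01:00Z EventID=4625 TargetUserName=svc_backup IpAddress=10.0.0.5",
    "2026-03-16T10:01:01Z EventID=4625 TargetUserName=svc_backup IpAddress=10.0.0.5",
    "2026-03-16T10:01:02Z EventID=4625 TargetUserName=svc_backup IpAddress=10.0.0.5",
    "2026-03-16T10:01:03Z EventID=4624 TargetUserName=svc_backup IpAddress=10.0.0.5",
    "2026-03-16T10:02:00Z EventID=4625 TargetUserName=alice IpAddress=198.51.100.2",
    "2026-03-16T10:02:30Z EventID=4624 TargetUserName=alice IpAddress=198.51.100.2",
    "not a logon event at all",
]

# Hypothetical allowlist: an authorized internal credential scanner whose
# logon churn is expected. Suppressing it is the false-positive tuning step.
AUTHORIZED_SCANNERS = frozenset({"10.0.0.5"})

SSHD_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)"
)
WIN_RE = re.compile(
    r"^(?P<ts>\S+) EventID=(?P<eid>\d+) TargetUserName=(?P<user>\S+) IpAddress=(?P<src>\S+)"
)


def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def normalize(line):
    """Parse one raw line into common fields (ts, src_ip, user, outcome, source).
    Returns None for unrecognised lines; callers should count those as a
    parsing-coverage gap rather than silently drop them."""
    m = SSHD_RE.match(line)
    if m:
        return {"ts": _ts(m["ts"]), "src_ip": m["src"], "user": m["user"],
                "outcome": "success" if m["outcome"] == "Accepted" else "failure",
                "source": "sshd"}
    m = WIN_RE.match(line)
    if m:
        return {"ts": _ts(m["ts"]), "src_ip": m["src"], "user": m["user"],
                "outcome": "success" if m["eid"] == "4624" else "failure",
                "source": "windows"}
    return None


def brute_force_then_success(events, threshold=3, window=timedelta(minutes=5),
                             allowlist=AUTHORIZED_SCANNERS):
    """Correlation rule: at least `threshold` failed logons from one source IP
    inside `window`, then a successful logon from that IP. ATT&CK T1110."""
    alerts = []
    recent_failures = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        src = ev["src_ip"]
        if src in allowlist:
            continue
        fails = [t for t in recent_failures[src] if ev["ts"] - t <= window]
        if ev["outcome"] == "failure":
            fails.append(ev["ts"])
            recent_failures[src] = fails
            continue
        if len(fails) >= threshold:
            alerts.append({"rule": "brute_force_then_success", "attack": "T1110",
                           "src_ip": src, "user": ev["user"], "failures": len(fails),
                           "first_seen": fails[0], "detected_at": ev["ts"]})
        recent_failures[src] = []  # a success resets the per-source window
    return alerts


def mean_time_to_detect_seconds(alerts):
    """Per-rule MTTD: mean gap between the first suspicious event and the
    event that fired the alert. 0.0 when nothing fired."""
    if not alerts:
        return 0.0
    gaps = [(a["detected_at"] - a["first_seen"]).total_seconds() for a in alerts]
    return sum(gaps) / len(gaps)


def run_pipeline(lines, **rule_kwargs):
    """Normalize, correlate and summarise. Returns (alerts, unparsed_count, mttd)."""
    events, unparsed = [], 0
    for line in lines:
        ev = normalize(line)
        if ev is None:
            unparsed += 1
        else:
            events.append(ev)
    alerts = brute_force_then_success(events, **rule_kwargs)
    return alerts, unparsed, mean_time_to_detect_seconds(alerts)
```

Running `run_pipeline(SAMPLE_LOGS)` on the constructed data yields one alert (203.0.113.7, three failures then success, MTTD 8 s), one unparsed line flagged as a coverage gap, and nothing for 198.51.100.2, whose single failure is below threshold. Passing `allowlist=frozenset()` shows the tuning effect: the scanner's activity then fires a second alert.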

Requirements:

• Bachelor’s degree in Computer Science, Cybersecurity, Information Security, or a related field; Master’s degree preferred.

• 6-8 years of experience in security operations, threat detection, incident response, or related cybersecurity roles.

• Hands-on experience with SIEM platforms such as Splunk, including rule creation, correlation logic, dashboarding, and log analysis.

• Strong experience investigating alerts and incidents across endpoint, network, operating system, and cloud environments.

• Deep understanding of incident response methodologies, threat investigation workflows, and root cause analysis.

• Solid knowledge of enterprise log sources including Windows/Linux servers, firewalls, IDS/IPS, endpoints, and cloud-native services.

• Strong knowledge of detection engineering, MITRE ATT&CK techniques, adversary behaviors, and threat hunting methodologies.

• Experience with cloud environments such as AWS, Azure, or similar, including security monitoring and logging services.

• Familiarity with SOAR, automation, or orchestration tools is a plus.

• Strong analytical, problem-solving, and decision-making skills in fast-paced operational environments.

• Excellent written and verbal communication skills, with the ability to clearly present findings to both technical and non-technical stakeholders.

• Ability to lead incident response efforts, mentor team members, and collaborate effectively across diverse global teams.

• Relevant certifications such as CISSP, GCIH, GCIA, Security+, Splunk Security certifications, or comparable credentials are a plus.

We encourage Minorities, Women, Protected Veterans and Disabled individuals to apply for all positions for which they may be qualified. We maintain a drug-free workplace and perform pre-employment substance abuse testing and background checks.


------------------------------------------------------------------------------------------------------

If you are interested in this position, please submit your resume as a Word document, listing the month and year for each previous position, to Veronika@norlandgroup.com and put "547336-Security Detection & Response Lead" in the email subject line.

Job Posted Date: 3/16/2026