Threat Detection and Response Analyst

San Jose, CA

Posted: 03/17/2026
Employment Type: Contract
Industry: Engineering
Job Number: 6836
Pay Rate: 85

Job Description



Join us at Saige Partners, where we aim to shape your future and be the solution that propels your career forward! For more information, feel free to reach out to Christine Gonzalez via email at cgonzalez@saigepartners.com

Position: Security Detection and Response Lead (Contract Role)

Onsite in San Jose, CA
 
What You’ll Do
• Lead enterprise-wide security monitoring and threat detection across SIEM, EDR, network, endpoint, and cloud security platforms.
• Design, implement, validate, tune, and optimize detection rules, correlation logic, dashboards, and alerting use cases.
• Continuously improve detection quality and reduce false positives to strengthen operational efficiency and signal-to-noise ratio.
• Ensure effective log ingestion, parsing, normalization, field extraction, and telemetry coverage across critical systems and infrastructure.
• Support onboarding and integration of new log sources, security tools, and telemetry pipelines into the security monitoring environment.
• Lead investigation and response activities for security incidents across enterprise systems.
• Serve as the technical lead during high-severity incidents, coordinating containment, eradication, recovery, and cross-functional response efforts with IT, cloud, and infrastructure teams.
• Perform advanced analysis to determine incident scope, root cause, impact, and recommended remediation actions.
• Conduct post-incident reviews and drive improvements to detections, playbooks, and response procedures based on lessons learned.
• Lead proactive threat hunting efforts using SIEM, NDR, EDR, CASB, and cloud telemetry to identify advanced or evasive threats.
• Investigate suspicious behaviors including lateral movement, privilege escalation, persistence, and data exfiltration attempts.
• Map detections, investigations, and threat hunting activities to the MITRE ATT&CK framework.
• Mentor and guide SOC analysts and incident responders in threat analysis, investigation techniques, and response workflows.
• Develop, maintain, and improve incident response runbooks, threat models, triage procedures, and detection documentation.
• Track and report on security operations metrics such as MTTD, MTTR, detection coverage, and recurring incident trends.
• Partner with IT, infrastructure, engineering, and vulnerability management teams to prioritize remediation and strengthen overall security posture.
• Collaborate across technical and non-technical teams to ensure rapid, effective response to security incidents and continuous improvement of detection and response capabilities.

Requirements
• Bachelor’s degree in Computer Science, Cybersecurity, Information Security, or a related field; Master’s degree preferred.
• 6-8 years of experience in security operations, threat detection, incident response, or related cybersecurity roles.
• Hands-on experience with SIEM platforms such as Splunk, including rule creation, correlation logic, dashboarding, and log analysis.
• Strong experience investigating alerts and incidents across endpoint, network, operating system, and cloud environments.
• Deep understanding of incident response methodologies, threat investigation workflows, and root cause analysis.
• Solid knowledge of enterprise log sources including Windows/Linux servers, firewalls, IDS/IPS, endpoints, and cloud-native services.
• Strong knowledge of detection engineering, MITRE ATT&CK techniques, adversary behaviors, and threat hunting methodologies.
• Experience with cloud environments such as AWS, Azure, or similar, including security monitoring and logging services.
• Familiarity with SOAR, automation, or orchestration tools is a plus.
• Strong analytical, problem-solving, and decision-making skills in fast-paced operational environments.
• Excellent written and verbal communication skills, with the ability to clearly present findings to both technical and non-technical stakeholders.
• Ability to lead incident response efforts, mentor team members, and collaborate effectively across diverse global teams.
• Relevant certifications such as CISSP, GCIH, GCIA, Security+, Splunk Security certifications, or comparable credentials are a plus.
 
Join our team and help shape the future of enterprise storage technology. Your work will have a global impact, powering performance-driven solutions for the world’s most demanding applications.

About Saige Partners: Recognized as one of the fastest-growing technology and talent companies in the Midwest, Saige Partners believes in nurturing individuals with a zeal for success. We're committed to building careers, not just jobs. Our belief in our employees as our most valuable asset is reflected in our comprehensive benefits package and convenient weekly payment solutions, promoting health and a positive work-life balance. Explore this opportunity and more at https://careers.saigepartners.com/.

Job Requirements

NVMe Solid State Drives (SSDs)

About San Jose, CA

Explore exciting job opportunities around San Jose, California! Known as the heart of Silicon Valley, this vibrant city offers a dynamic career landscape with countless growth prospects in tech, engineering, and beyond. San Jose boasts a thriving arts scene, with landmarks like the Tech Museum of Innovation and the San Jose Museum of Art, as well as fantastic dining options that range from trendy cafes to authentic taquerias. With its proximity to beautiful parks like Alum Rock Park and numerous entertainment options, including performances at the San Jose Center for the Performing Arts and cheering for the San Jose Sharks hockey team at the SAP Center, there's no shortage of reasons to kick-start your career in this enchanting city. Discover your next big opportunity in San Jose today!
We strive to create long-lasting relationships with both our clientele and candidates. We look forward to being a part of your future.

EMAIL: info@saigepartners.com
SEND YOUR RESUME: apply@saigepartners.com

Saige Partners