Cybersecurity Analyst III
MS Dept. of Revenue
Contract
Clinton, MS
Job description
Role: Threat Detection & Response Analyst
Location: San Jose, CA (Onsite)
Duration: 6+ Months
Job Description:
- Monitor, triage, and investigate security alerts and events across enterprise environments using Splunk SIEM, EDR, network, cloud, and endpoint telemetry.
- Analyze security event logs from diverse sources including firewalls, IDS/IPS, endpoint protection platforms, operating systems, and cloud services to identify malicious activity.
- Perform initial and advanced analysis of security incidents, determine scope and impact, identify root cause, and recommend containment and remediation actions.
- Escalate confirmed incidents appropriately and support end-to-end incident response activities, including coordination with IT, cloud, and infrastructure teams.
- Design, validate, tune, and optimize detection logic, correlation rules, dashboards, and alerting use cases to improve signal-to-noise ratio and operational efficiency.
- Ensure log ingestion health, completeness, and fidelity across critical infrastructure and enterprise systems.
- Support onboarding and integration of new log sources into the Splunk environment, including validation of parsing, normalization, and field extraction.
- Conduct proactive threat hunting using SIEM, EDR, CASB, and cloud telemetry to identify advanced or evasive threats that bypass automated detections.
- Monitor network traffic and behavioral indicators to detect anomalies, lateral movement, privilege abuse, and data exfiltration attempts.
- Prioritize vulnerabilities and remediation efforts based on threat context, asset criticality, and business impact.
- Partner with IT and infrastructure teams to track remediation, validate fixes, and reduce recurring risk.
- Continuously improve detection coverage, response playbooks, and SOC workflows based on incident learnings and emerging threats.
- Maintain accurate documentation for detection use cases, log flows, triage procedures, threat models, and operational standards.
- Collaborate closely with cross-functional security and IT teams to ensure rapid, effective response to security incidents.
Requirements
- Bachelor’s degree in Computer Science, Information Security, or a related field; Master’s degree preferred.
- 5+ years of experience in a SOC, threat detection, or incident response role with hands-on experience.
- Strong expertise in threat analysis, incident investigation, and response workflows.
- Solid understanding of enterprise log sources including Windows/Linux servers, network devices, endpoints, and cloud platforms.
- Experience triaging and investigating alerts in complex, multi-platform environments.
- Familiarity with cloud environments such as AWS, Azure, or similar, including cloud-native logging and security services.
- Knowledge of detection engineering, correlation logic, MITRE ATT&CK techniques, and SOC operational best practices.
- Ability to communicate findings clearly and collaborate effectively across technical and non-technical teams.
- Comfortable operating in diverse, global environments with strong adaptability and professionalism.
- Curious, resilient, and data-driven mindset with a passion for continuous learning and threat research.
- Relevant certifications such as CompTIA Security+, CISSP, Pentest+, or similar are a plus.
Job Type: Contract
Pay: $75.00 - $85.00 per hour
Expected hours: 40 per week
Work Location: In person