Protingent

Security Detection & Response Lead

On site

San Jose, United States

Senior

Freelance

17-03-2026


Skills

Communication, Threat Analysis, Incident Response, Firewalls, Cloud Security, Splunk, Monitoring, Problem-solving, Decision-making, Linux, Windows, Azure, AWS

Job Specifications

Job Description

Job Title: Security Detection & Response Lead

Position Description: Protingent Staffing has an exciting contract Security Detection & Response Lead opportunity with our client located in San Jose, CA.

Job Description:

Lead enterprise-wide security monitoring and threat detection across SIEM, EDR, network, endpoint, and cloud security platforms.

Job Responsibilities:

Design, implement, validate, tune, and optimize detection rules, correlation logic, dashboards, and alerting use cases.
Continuously improve detection quality and reduce false positives to strengthen operational efficiency and signal-to-noise ratio.
Ensure effective log ingestion, parsing, normalization, field extraction, and telemetry coverage across critical systems and infrastructure.
Support onboarding and integration of new log sources, security tools, and telemetry pipelines into the security monitoring environment.
Lead investigation and response activities for security incidents across enterprise systems.
Serve as the technical lead during high-severity incidents, coordinating containment, eradication, recovery, and cross-functional response efforts with IT, cloud, and infrastructure teams.
Perform advanced analysis to determine incident scope, root cause, impact, and recommended remediation actions.
Conduct post-incident reviews and drive improvements to detections, playbooks, and response procedures based on lessons learned.
Lead proactive threat hunting efforts using SIEM, NDR, EDR, CASB, and cloud telemetry to identify advanced or evasive threats.
Investigate suspicious behaviors including lateral movement, privilege escalation, persistence, and data exfiltration attempts.
Map detections, investigations, and threat hunting activities to the MITRE ATT&CK framework.
Mentor and guide SOC analysts and incident responders in threat analysis, investigation techniques, and response workflows.
Develop, maintain, and improve incident response runbooks, threat models, triage procedures, and detection documentation.
Track and report on security operations metrics such as MTTD, MTTR, detection coverage, and recurring incident trends.
Partner with IT, infrastructure, engineering, and vulnerability management teams to prioritize remediation and strengthen overall security posture.
Collaborate across technical and non-technical teams to ensure rapid, effective response to security incidents and continuous improvement of detection and response capabilities.

Job Qualifications:

Bachelor’s degree in Computer Science, Cybersecurity, Information Security, or a related field; Master’s degree preferred.
6-8 years of experience in security operations, threat detection, incident response, or related cybersecurity roles.
Hands-on experience with SIEM platforms such as Splunk, including rule creation, correlation logic, dashboarding, and log analysis.
Strong experience investigating alerts and incidents across endpoint, network, operating system, and cloud environments.
Deep understanding of incident response methodologies, threat investigation workflows, and root cause analysis.
Solid knowledge of enterprise log sources including Windows/Linux servers, firewalls, IDS/IPS, endpoints, and cloud-native services.
Strong knowledge of detection engineering, MITRE ATT&CK techniques, adversary behaviors, and threat hunting methodologies.
Experience with cloud environments such as AWS, Azure, or similar, including security monitoring and logging services.
Familiarity with SOAR, automation, or orchestration tools is a plus.
Strong analytical, problem-solving, and decision-making skills in fast-paced operational environments.
Excellent written and verbal communication skills, with the ability to clearly present findings to both technical and non-technical stakeholders.
Ability to lead incident response efforts, mentor team members, and collaborate effectively across diverse global teams.
Relevant certifications such as CISSP, GCIH, GCIA, Security+, Splunk Security certifications, or comparable credentials are a plus.

Job Details:

Job Type: Contract
Pay Rate: $85-$90 an hour.
Location: San Jose, CA.

Benefits Package: Protingent offers competitive salaries, insurance plan options (HDHP plan or POS plan), education/certification reimbursement, pre-tax commuter benefits, Paid Time Off (PTO), and an administered 401k plan.

About Protingent: Protingent is an Award-Winning provider of top-tier Engineering and IT talent, trusted by companies at the forefront of innovation — from Software and Aerospace to AI, Clean Tech, Medical Devices, and Connected Technologies. We’re passionate about making a positive impact by connecting exceptional talent with meaningful opportunities and helping our clients build the future.

About the Company

Protingent is a technical staffing firm specializing in providing IT and engineering professionals for all areas of product design, development and test. We place high-caliber engineers with many of the leading technology companies in the U.S. We were founded in 2001 by an engineer and have always been dedicated to providing the right engineers who possess a high level of skill and knowledge regarding the technologies required to drive our clients' success. The intrinsic value of any enterprise comes down to the quality of ...