Security Detection & Response Lead at Nubyt Inc
Nubyt Inc
San Jose, CA
$85 - $90/year
Administration
Posted 7 hours ago
JOB DESCRIPTION
• Lead enterprise-wide security monitoring and threat detection across SIEM, EDR, network, endpoint, and cloud security platforms.
• Design, implement, validate, tune, and optimize detection rules, correlation logic, dashboards, and alerting use cases.
• Continuously improve detection quality and reduce false positives to strengthen operational efficiency and signal-to-noise ratio.
• Ensure effective log ingestion, parsing, normalization, field extraction, and telemetry coverage across critical systems and infrastructure.
• Support onboarding and integration of new log sources, security tools, and telemetry pipelines into the security monitoring environment.
• Lead investigation and response activities for security incidents across enterprise systems.
• Serve as the technical lead during high-severity incidents, coordinating containment, eradication, recovery, and cross-functional response efforts with IT, cloud, and infrastructure teams.
• Perform advanced analysis to determine incident scope, root cause, impact, and recommended remediation actions.
• Conduct post-incident reviews and drive improvements to detections, playbooks, and response procedures based on lessons learned.
• Lead proactive threat hunting efforts using SIEM, NDR, EDR, CASB, and cloud telemetry to identify advanced or evasive threats.
• Investigate suspicious behaviors including lateral movement, privilege escalation, persistence, and data exfiltration attempts.
• Map detections, investigations, and threat hunting activities to the MITRE ATT&CK framework.
• Mentor and guide SOC analysts and incident responders in threat analysis, investigation techniques, and response workflows.
• Develop, maintain, and improve incident response runbooks, threat models, triage procedures, and detection documentation.
• Track and report on security operations metrics such as MTTD, MTTR, detection coverage, and recurring incident trends.
• Partner with IT, infrastructure, engineering, and vulnerability management teams to prioritize remediation and strengthen overall security posture.
• Collaborate across technical and non-technical teams to ensure rapid, effective response to security incidents and continuous improvement of detection and response capabilities.