Total Quality Logistics · 3 weeks ago
Incident Detection and Response Engineer
TQL is a company focused on enhancing incident detection and response capabilities. As an Incident Detection & Response Engineer, you will design and maintain systems that empower the Security Operations Center and Incident Response teams to effectively detect and respond to threats.
Freight Service, Logistics, Transportation
Responsibilities
Deploy, configure, and maintain SIEM platforms, intrusion detection systems, and other SOC tools
Design and implement scalable detection logic and correlation rules in SIEM, EDR/XDR, and cloud-native security platforms
Build data pipelines and integrations to enrich security telemetry from endpoints, networks, and cloud sources
Ensure security monitoring tools collect accurate, actionable data
Collaborate with incident responders to codify behavioral analytics and detection logic using MITRE ATT&CK and other models
Create APIs, dashboards, and data visualizations to support threat hunting and incident triage
Continuously improve tooling performance, reliability, and usability through feedback from incident responders
Evaluate and integrate open-source and commercial security tools into the detection and response ecosystem
Contribute to red/purple team exercises by building simulation and detection validation tooling
Work with security leadership to define and track metrics for detection coverage, response time, alert fidelity, and tooling effectiveness
Develop and maintain detection-as-code frameworks using version control and CI/CD pipelines
Qualifications
Required
Bachelor's degree in Computer Science, Software Engineering, or related field, or equivalent combination of education and experience
3+ years experience in incident response or security operations
Experience managing and maintaining security solutions, SIEM, log ingestion pipelines, and API integrations
Proficiency in Python, Go, PowerShell, or similar languages used in security tooling
Strong understanding of cloud-native architectures (Azure, AWS, GCP) and associated security services
Familiarity with infrastructure-as-code (Terraform, Ansible) and CI/CD pipelines
Solid grasp of detection engineering principles and adversary techniques (MITRE ATT&CK, kill chain)
Knowledge of data streaming/search technologies (e.g., Kafka, Elasticsearch)
Employment visa sponsorship is unavailable for this position. Applicants requiring employment visa sponsorship now or in the future (e.g., F-1 STEM OPT, H-1B, TN, J1 etc.) will not be considered
Preferred
Certifications such as GCDA, GCTI, or relevant cloud security credentials preferred
Benefits
Health, dental and vision coverage
401(k) with company match
Employee discounts
Financial wellness planning
Tuition reimbursement and more
Company
Total Quality Logistics
The logistics industry is a $500 billion market.
Funding
Current Stage
Late Stage
Company data provided by Crunchbase