SR Security Engineer I, Hunt & Incident Response jobs in United States

CDW · 2 hours ago

SR Security Engineer I, Hunt & Incident Response

CDW is a leading multi-brand provider of information technology solutions. The Sr. Security Engineer I will act as a lead incident responder, handling advanced investigations and leading proactive threat detection engineering and threat hunting activities to identify emerging threats.

Analytics, Artificial Intelligence (AI), Cyber Security, Graphic Design, Hardware, Information Technology, Software

Responsibilities

Conduct comprehensive alert investigations by correlating data from multiple sources, including SIEM, EDR, firewalls, DNS, and identity logs. Independently assess potential incidents applying advanced analytical judgement
Implement containment measures through EDR and network controls, mitigate lateral movement risks, and provide comprehensive support across all phases of the NIST IR lifecycle with limited supervision
Ensure comprehensive documentation, accurate timelines, and clear communication are delivered to leadership, Tier 3 personnel, and cross-functional stakeholders during incident management
Utilize threat intelligence, including IOC enrichment, TTP mapping, and actor profiling, to enhance the context of investigations and increase the accuracy of detection
Oversee CSOC escalations throughout the shift, mentor Tier 1 analysts, and facilitate effective handoffs during shift transitions
Leverage AI copilots and agentic automation to accelerate triage, summarize investigations, enrich alerts, and validate findings to reduce manual workload
Design, optimize, and validate detection logic—including queries, alerts, and correlation rules—across SIEM/XDR platforms; provide recommendations for enhancements informed by recurring patterns identified during investigations
Assess false positives and suggest tuning strategies based on trends, MITRE ATT&CK mapping, and business context
Collaborate with CSIRT/TDR leaders to enhance playbooks, SOPs, and automation workflows based on real‑world incidents and data insights
Employ scripting languages such as Python or PowerShell to streamline routine detection tasks, including log parsing and data enrichment, in accordance with higher standards of technical proficiency
Partner with Threat Intelligence to identify relevant TTPs and ensure detection coverage aligns with emerging threats and campaigns
Apply AI‑assisted detection engineering to generate, test, and optimize detection rules, leveraging generative AI to accelerate logic creation and improve long‑term detection posture
Conduct proactive, hypothesis‑driven hunts using behavioral analytics, MITRE ATT&CK mapping, and telemetry across endpoints, network, identity, and cloud systems
Actively participate and lead portions of purple‑team style hunting activities, including identification of gaps and iterative improvement of detection logic and data coverage
Conduct comprehensive log analysis (including Sysmon, auditd, DNS, proxy, NetFlow, and EDR telemetry) to identify sophisticated attacker activities that may evade alert detection
Use threat intelligence (campaign tracking, actor profiling, IOC/TTP analysis) to inform hunting hypotheses and identify early indicators of adversary activity
Document hunting outcomes, provide insights to leadership, and contribute to ongoing capability maturity efforts across the CSIRT and CSOC
Continuously assess detection coverage across tools, data sources, and threat categories; identify gaps and recommend strategic improvements
Monitor detection effectiveness using KPIs such as false positive rates, detection latency, incident patterns, and threat campaign applicability
Collaborate with engineering, CSIRT, and CSOC leadership to ensure telemetry quality, log source onboarding, and alignment with organizational risk priorities
Maintain oversight of data correlation capabilities and ensure tuning aligns with business context and emerging adversary techniques
Drive continuous improvement of detection and response processes, leveraging expertise to influence cross‑team strategy and operational outcomes
Use AI‑driven posture assessment (e.g., AI gap analysis, AI‑generated coverage maps) to optimize detection quality and automate recurring posture evaluations

Qualification

Threat Detection, Incident Response, Threat Intelligence, SIEM, MITRE ATT&CK, EDR Tools, Python, PowerShell, Analytical Skills, Prioritization Skills, Cybersecurity Certifications, Communication Skills, Problem-Solving Skills

Required

Bachelor's degree and 5 years of Threat Detection and Incident Response experience, OR
9 years of IT experience, of which 5 years should be in Threat Detection and Incident Response
Demonstrated experience with threat intelligence platforms, SIEM, and other cybersecurity tools and technologies such as the following: Microsoft Defender, CrowdStrike XDR, Palo Alto XSIAM, Microsoft Sentinel, Microsoft Azure Active Directory, Splunk
Demonstrated experience and understanding of threat hunting techniques, including the use of EDR tools, network traffic analysis, and other techniques
Experience with the MITRE ATT&CK framework and techniques
Excellent verbal and written communication skills, with the ability to effectively interact with all coworkers and stakeholders
Strong analytical and problem-solving skills, with the ability to think strategically and creatively
Ability to prioritize work and handle multiple tasks simultaneously in a fast-paced, diverse, and growth-oriented environment

Preferred

Current and relevant cybersecurity certifications such as the following are a plus: GIAC Incident Handler (GCIH), GIAC Certified Forensic Analyst (GCFA), Microsoft Azure

Benefits

Annual bonus target of 5% subject to terms and conditions of plan
Benefits overview: https://cdw.benefit-info.com/

Company

At CDW, we know how to make technology work so people can do great things.

H1B Sponsorship

CDW has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference (data powered by the US Department of Labor).

Total sponsorships by year:
2025: 59
2024: 49
2023: 37
2022: 86
2021: 44
2020: 19

Funding

Current Stage: Public Company
Total Funding: $58.74M
2015-08-01: Post IPO Equity, $58.74M
2013-06-27: IPO
2008-07-31: Series Unknown

Leadership Team

Christine Leahy, President & CEO
Sanjay Sood, Chief Technology Officer
Company data provided by crunchbase