The Sr. Security Engineer I leads incident response, threat detection, and engineering, managing investigations, enhancing detection capabilities, and mentoring analysts.
Description
At CDW, we make it happen, together. Trust, connection, and commitment are at the heart of how we work together to deliver for our customers. It's why we're coworkers, not just employees. Coworkers who genuinely believe in supporting our customers and one another. We collectively forge our path forward with a level of commitment that speaks to who we are and where we're headed. We're proud to share our story and Make Amazing Happen at CDW.
* Job Summary
* Your role at CDW is of the utmost importance to the company's mission, objectives, and reputation. As a Sr. Security Engineer I of Threat Detection and Response, you will act as a lead incident responder, handling advanced investigations, containment, data correlation, and mentoring CSOC analysts during escalations and shift changes. The position also leads proactive threat detection engineering and threat hunting activities to identify emerging threats and strengthen the organization's overall detection capabilities. It is responsible for continuously assessing detection posture: identifying coverage gaps, improving telemetry quality, refining detection logic, and driving cross-team improvements to ensure high-fidelity, risk-aligned detection. The analyst applies threat intelligence to enrich investigations and inform detection strategy while enhancing playbooks and automation across CSIRT and CSOC workflows. Additionally, the role leverages AI and agentic automation to streamline triage, accelerate analysis, and reduce manual effort across detection and response functions.
* What you will do:
* Your responsibilities fall into four areas:
* Threat Detection and Incident Response
* Conduct comprehensive alert investigations by correlating data from multiple sources, including SIEM, EDR, firewalls, DNS, and identity logs. Independently assess potential incidents applying advanced analytical judgement.
* Implement containment measures through EDR and network controls, mitigate lateral movement risks, and provide comprehensive support across all phases of the NIST IR lifecycle with limited supervision.
* Ensure comprehensive documentation, accurate timelines, and clear communication are delivered to leadership, Tier 3 personnel, and cross-functional stakeholders during incident management.
* Utilize threat intelligence, including IOC enrichment, TTP mapping, and actor profiling, to enhance the context of investigations and increase the accuracy of detection.
* Oversee CSOC escalations throughout the shift, mentor Tier 1 analysts, and facilitate effective handoffs during shift transitions.
* Leverage AI copilots and agentic automation to accelerate triage, summarize investigations, enrich alerts, and validate findings to reduce manual workload.
* Threat Detection Engineering
* Design, optimize, and validate detection logic, including queries, alerts, and correlation rules, across SIEM/XDR platforms; provide recommendations for enhancements informed by recurring patterns identified during investigations.
* Assess false positives and suggest tuning strategies based on trends, MITRE ATT&CK mapping, and business context.
* Collaborate with CSIRT/TDR leaders to enhance playbooks, SOPs, and automation workflows based on real‑world incidents and data insights.
* Employ scripting languages such as Python or PowerShell to streamline routine detection tasks, including log parsing and data enrichment, to a high standard of technical proficiency.
* Partner with Threat Intelligence to identify relevant TTPs and ensure detection coverage aligns with emerging threats and campaigns.
* Apply AI-assisted detection engineering to generate, test, and optimize detection rules, leveraging generative AI to accelerate logic creation and improve long-term detection posture.
* Threat Hunting
* Conduct proactive, hypothesis‑driven hunts using behavioral analytics, MITRE ATT&CK mapping, and telemetry across endpoints, network, identity, and cloud systems.
* Actively participate in and lead portions of purple-team style hunting activities, including identification of gaps and iterative improvement of detection logic and data coverage.
* Conduct comprehensive log analysis (including Sysmon, auditd, DNS, proxy, NetFlow, and EDR telemetry) to identify sophisticated attacker activities that may evade alert detection.
* Use threat intelligence (campaign tracking, actor profiling, IOC/TTP analysis) to inform hunting hypotheses and identify early indicators of adversary activity.
* Document hunting outcomes, provide insights to leadership, and contribute to ongoing capability maturity efforts across the CSIRT and CSOC.
* Employ AI/agentic tooling to generate hunting hypotheses, enrich datasets, automate pivoting, and accelerate pattern recognition during hunts.
* Detection Posture Management
* Continuously assess detection coverage across tools, data sources, and threat categories; identify gaps and recommend strategic improvements.
* Monitor detection effectiveness using KPIs such as false positive rates, detection latency, incident patterns, and threat campaign applicability.
* Collaborate with engineering, CSIRT, and CSOC leadership to ensure telemetry quality, log source onboarding, and alignment with organizational risk priorities.
* Maintain oversight of data correlation capabilities and ensure tuning aligns with business context and emerging adversary techniques.
* Drive continuous improvement of detection and response processes, leveraging expertise to influence cross‑team strategy and operational outcomes.
* Use AI‑driven posture assessment (e.g., AI gap analysis, AI‑generated coverage maps) to optimize detection quality and automate recurring posture evaluations.
* What we expect of you:
* Bachelor's degree and 5 years of Threat Detection and Incident Response experience, OR
* 9 years of IT experience, of which 5 years should be in Threat Detection and Incident Response.
* Demonstrated experience with threat intelligence platforms, SIEM, and other cybersecurity tools and technologies such as the following: Microsoft Defender, CrowdStrike XDR, Palo Alto XSIAM, Microsoft Sentinel, Microsoft Azure Active Directory, Splunk.
* Demonstrated experience and understanding of threat hunting techniques, including the use of EDR tools, network traffic analysis, and other techniques.
* Experience with the MITRE ATT&CK framework and techniques.
* Excellent verbal and written communication skills, with the ability to effectively interact with all coworkers and stakeholders. Strong analytical and problem-solving skills, with the ability to think strategically and creatively.
* Ability to prioritize work and handle multiple tasks simultaneously in a fast-paced, diverse, and growth-oriented environment.
* Current and relevant cybersecurity certifications such as the following are a plus: GIAC Incident Handler (GCIH), GIAC Certified Forensic Analyst (GCFA), Microsoft Azure.
* Pay range: $82,000 - $114,800 depending on experience and skill set
* Annual bonus target of 5% subject to terms and conditions of plan
* Benefits overview: [https://cdw.benefit-info.com/](https://cdw.benefit-info.com/)
* We make technology work so people can do great things.
* CDW is a leading multi-brand provider of information technology solutions to business, government, education and healthcare customers in the United States, the United Kingdom and Canada. A Fortune 500 company and member of the S&P 500 Index, CDW helps its customers to navigate an increasingly complex IT market and maximize return on their technology investments. Together, we unite. Together, we win. Together, we thrive. CDW is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability status, protected veteran status or any other basis prohibited by state and local law. CDW is committed to fostering an equitable, transparent, and respectful hiring process for all applicants. During our application process, CDW's goal is to get to know you as an applicant and understand your experience, strengths, skills, and qualifications. While AI can help you present yourself more clearly and effectively, the essence of your application should be authentically yours. To learn more, please review [CDW's AI Applicant Notice](https://www.cdwjobs.com/pages/ai-applicant-notice).
Top Skills
CrowdStrike XDR
DNS
EDR
Firewalls
Identity logs
Microsoft Azure Active Directory
Microsoft Defender
Microsoft Sentinel
Palo Alto XSIAM
PowerShell
Python
SIEM
Splunk