Cyber Threat Detection & Response Analyst

McKesson, Richmond, VA
$98,900 - $164,900, Onsite

About The Position

The Cybersecurity Threat Detection & Response (TDR) Analyst is responsible for implementing and supporting detection engineering and response enablement solutions. Working under the direction of senior engineers and in partnership with the SOC/CSIRT, this role helps onboard and normalize logs, build and tune detection rules, support alert triage and incident response, and maintain the health and performance of detection platforms (e.g., SIEM, EDR/XDR, SOAR). The TDR Analyst takes initiative to assist in planning and execution, performs assigned engineering tasks within defined scope and guidance, and follows established security policies, standards, and standard operating procedures. The analyst leverages internal and external research tools to understand threats and detections, documents work performed (use cases, runbooks, change records), and escalates risks or issues appropriately to support timely response and remediation.

Requirements

  • Degree or equivalent and typically requires 4+ years of relevant experience
  • 4+ years of experience in cybersecurity and/or IT operations with exposure to security monitoring, detection engineering, incident response, or SOC-supporting engineering (internship/co-op experience
  • Experience supporting or implementing monitoring/detection tooling such as SIEM, EDR, IDS/IPS, logging agents/collectors, or vulnerability scanners; ability to validate data collection and basic alert behavior.
  • Ability to follow change management processes, document work, and meet SLA expectations for assigned tasks, tickets, and detection tuning requests.
  • Demonstrated willingness to learn threat concepts, detection engineering practices, and internal tooling; participates in training, tabletop exercises, and continuous improvement activities.
  • Working knowledge of security monitoring technologies such as SIEM, EDR/XDR, IDS/IPS, firewalls, and threat intelligence feeds; familiarity with ticketing/case management workflows.
  • Experience onboarding or supporting log sources and telemetry pipelines (e.g., Windows/Linux logs, network device logs, cloud logs) including basic parsing/normalization concepts.
  • Ability to follow runbooks and documented procedures, troubleshoot collection/detection issues, and document changes clearly (use cases, tickets, runbooks, change records).
  • Foundational understanding of incident response concepts and security telemetry triage; ability to support investigations by gathering evidence and coordinating with SOC/IR teams.
  • Strong collaboration and communication skills; able to escalate issues appropriately and work effectively with diverse teams, including SOC analysts, incident responders, and infrastructure/application owners.
  • Track record of acting with integrity, being curious and adaptable, and continuously improving technical skills; familiarity with basic adversary concepts (e.g., MITRE ATT&CK, kill chain fundamentals) is a plus.
  • Familiarity with one or more cloud platforms (AWS, Azure, or GCP) and cloud logging/monitoring concepts (IAM signals, audit logs, flow logs, and service logs).
  • Basic scripting or automation skills (e.g., Python, PowerShell, Bash) and willingness to learn query languages used for detections (e.g., SPL/KQL or equivalent, depending on platform).
  • Working knowledge of Windows and Linux logging and troubleshooting fundamentals (processes, authentication events, network connections) to support investigations.
  • Familiarity with security frameworks and standards (e.g., NIST, CIS Benchmarks) and the importance of adhering to security policies and standard operating procedures.
  • Highly organized with the ability to manage multiple tasks, meet SLA expectations, and document work for operational continuity.
  • Ability to participate in on-call or after-hours incident support as needed, and to collaborate calmly during high-severity events.
  • Bachelor’s degree in computer science, information security/assurance, MIS, engineering, or related field; or equivalent practical experience.

Nice To Haves

  • Preferred (not required): Security+, SSCP, or equivalent foundational security certification.
  • TDR/SecOps certifications (a plus): Google Cloud Professional Cloud Security Engineer and/or Associate Cloud Engineer, Google Professional Cloud DevOps Engineer, and/or GIAC certifications (e.g., GSEC, GCIH) depending on role focus.

Responsibilities

  • Implement and maintain log/telemetry collection for security monitoring (endpoints, network devices, cloud services, identity systems, and applications) following documented standards and change-management procedures.
  • Support SIEM and related detection platforms by onboarding data sources, validating parsing/normalization, maintaining data integrity, and monitoring platform health and capacity.
  • Create, implement, and tune detection rules and alerts (SIEM/EDR/XDR) to improve fidelity and reduce noise; document logic, assumptions, and expected outcomes.
  • Support alert triage and incident response by collecting logs/evidence, assisting with containment/eradication tasks, and coordinating engineering fixes (e.g., telemetry gaps, detection improvements) as directed.
  • Assist with automation and orchestration use cases (SOAR/playbooks) to streamline repetitive response tasks; test and validate playbook changes in partnership with SOC/IR.
  • Develop and execute test plans for detections and response workflows (use-case testing, regression checks); identify gaps and recommend enhancements to improve coverage and reliability.
  • Work with security operations, infrastructure, and application teams to resolve telemetry issues, implement secure logging configurations, and support remediation of security findings.
  • Stay current on threats and attacker techniques; leverage research tools and frameworks (e.g., MITRE ATT&CK fundamentals) to help map detections to common tactics and techniques.
  • Perform other duties as assigned.

Benefits

  • Competitive compensation package
  • Annual bonus
  • Long-term incentive opportunities