Haystack
← Back to Jobs
Other

Threat Detection & Response Analyst (CrowdStrike, Splunk, Darktrace, CASB - Must) _San Jose, CA (onsite)_ only Xoriant W2

Xoriant CorporationSan Jose, CA🇺🇸United StatesPosted 6 Jul 2026

Why This Role Stands Out

This role offers a fantastic opportunity to deepen your expertise in cutting-edge security tools like CrowdStrike and Splunk, contributing directly to robust threat detection and response within a dynamic environment. You'll thrive here if you possess a strong analytical mindset and a passion for proactive threat hunting, making significant contributions to the company's security posture. Apply now to leverage your skills and grow your career in cybersecurity.

Quick Overview

Salary
$85/hr
Work Type
On Site
Level
Mid Senior

Job Description

TITLE - Threat Detection & Response Analyst

LOCATION San Jose, CA

DURATION 12+ Months (May get extend)

MODE OF INTERVIEW Zoom/Webex/onsite

RATE $85 per hour onW2 (Without benefits)

JOB DESCRIPTION

The Security tools MUST: CrowdStrike, Splunk, Darktrace, CASB 

  • Monitor, triage, and investigate security alerts and events across enterprise environments using Splunk SIEM, EDR, network, cloud, and endpoint telemetry.
  • Analyze security event logs from diverse sources including firewalls, IDS/IPS, endpoint protection platforms, operating systems, and cloud services to identify malicious activity.
  • Perform initial and advanced analysis of security incidents, determine scope and impact, identify root cause, and recommend containment and remediation actions.
  • Escalate confirmed incidents appropriately and support end-to-end incident response activities, including coordination with IT, cloud, and infrastructure teams.
  • Design, validate, tune, and optimize detection logic, correlation rules, dashboards, and alerting use cases to improve signal-to-noise ratio and operational efficiency.
  • Ensure log ingestion health, completeness, and fidelity across critical infrastructure and enterprise systems.
  • Support onboarding and integration of new log sources into the Splunk environment, including validation of parsing, normalization, and field extraction.
  • Conduct proactive threat hunting using SIEM, EDR, CASB, and cloud telemetry to identify advanced or evasive threats that bypass automated detections.
  • Monitor network traffic and behavioral indicators to detect anomalies, lateral movement, privilege abuse, and data exfiltration attempts.
  • Prioritize vulnerabilities and remediation efforts based on threat context, asset criticality, and business impact.
  • Partner with IT and infrastructure teams to track remediation, validate fixes, and reduce recurring risk.
  • Continuously improve detection coverage, response playbooks, and SOC workflows based on incident learnings and emerging threats.
  • Maintain accurate documentation for detection use cases, log flows, triage procedures, threat models, and operational standards.
  • Collaborate closely with cross-functional security and IT teams to ensure rapid, effective response to security incidents.

Requirements

  • Bachelor s degree in Computer Science, Information Security, or a related field; Master s degree preferred.
  • 5+ years of experience in a SOC, threat detection, or incident response role with hands-on experience Strong expertise in threat analysis, incident investigation, and response workflows.
  • Solid understanding of enterprise log sources including Windows/Linux servers, network devices, endpoints, and cloud platforms.
  • Experience triaging and investigating alerts in complex, multi-platform environments. Familiarity with cloud environments such as AWS, Azure, or similar, including cloud-native logging and security services.
  • Knowledge of detection engineering, correlation logic, MITRE ATT&CK techniques, and SOC operational best practices. Ability to communicate findings clearly and collaborate effectively across technical and non-technical teams.
  • Comfortable operating in diverse, global environments with strong adaptability and professionalism. Curious, resilient, and data-driven mindset with a passion for continuous learning and threat research. Relevant certifications such as CompTIA Security+, CISSP, Pentest+, or similar are a plus.

Skills

AWS
Splunk
Azure
Onboarding
Triage

Similar jobs