Back to Job Search

Threat Detection Operations Lead

  • Location: Plano, Texas, 75024
  • Salary: 85.0
  • Job Type:Contract

Posted about 1 month ago

This international network integration leader has an immediate 6-12+ month contract opportunity in Plano, TX for a Threat Detection Operation Lead.  This position requires experience as a Team Lead along with hands-on Threat Detections experience.  Will be working temporarily remote but must be willing to work onsite in Plano post-COVID.  The Threat Detection Operations Lead role focuses on creating detection logic tailored to enterprise threat landscape by using industry-specific intelligence and developed use cases. In this role you are expected to work closely with Security Engineering in onboarding new data sources and with Cyber Threat Intelligence (CTI) personnel for development of relevant threat hunting and alerting use cases across various networks, while maintaining general threat detection process and platform.


  • Conduct threat detection, incident handling and hunting activities by leveraging security best practices and current detection/response platforms.

  • Classify and prioritize threats through use of cyber threat intelligence, intrusion detection systems, firewalls and other boundary protection devices, and any security incident management products deployed.

  • Develop use cases and create threat detection logic, rules, and alerting in SIEM for response by the Security Operations team.

  • Work with leadership and stakeholders to recommend/implement processes, procedures, and technologies to improve the detection efforts.

  • Operationalize Indicator of Compromise from intelligence feeds by developing, testing, and creating new alerting in the SIEM.

  • Support the 24/7 Security Operations and Incident Response teams.


  • 3+ years of experience in one or more of the following areas: offensive/defensive hunt techniques, malware analysis and Incident Response.

  • 2+ years of experience leading a team and mentoring the team members

  • Experience with content development and alert tuning.

  • Expert knowledge of network monitoring and network exploitation techniques

  • Ability to demonstrate analytical expertise, close attention to details, excellent critical thinking and learn and adapt quickly.

  • Ability to learn and operate in a dynamic environment.

  • Strong written communication skills.

  • Experience working with cyber security tools and software such as Splunk, Symantec End Point, TrendMicro Antivirus, McAfee Web Gateway, Checkpoint Firewalls, Bluecoat, Sourcefire, Active Directory, or relevant cyber security assets.


  • BA/BS or MA/MS in Engineering, Computer Science, Information Security, or Information Systems.

  • Certifications such as GCFA, GREM or OSCP/OSCE

  • Experience with scripting or programming languages such as Python, Bash or PowerShell.

  • Experience with IOC related tools (e.g., YARA, OpenIOC)

  • Experience with orchestration and automation tasks related to threat hunting and alert development.