Principal Incident Response and Security Data Intelligence

At CDW, we make it happen, together. Trust, connection, and commitment are at the heart of how we work together to deliver for our customers. It’s why we’re coworkers, not just employees. Coworkers who genuinely believe in supporting our customers and one another. We collectively forge our path forward with a level of commitment that speaks to who we are and where we’re headed. We’re proud to share our story and Make Amazing Happen at CDW.

Job Summary 
Your role at CDW is of the utmost importance to the company’s mission, objectives, and reputation. As a Principal of Incident Response and Security Data Intelligence, you will play a pivotal role in identifying and analyzing cyber threat tactics, techniques, and procedures—ensuring proactive detection capabilities by leveraging automation to aid the global threat detection and response mission. 
 

What you will do:
Your responsibilities include four parts:

Threat Detection and Incident Response

• Develop incident response methodologies to triage cybersecurity events and incidents for other members of a growing team
• Collaborate with other coworkers and teams to develop and deploy cybersecurity countermeasures during cybersecurity events and incidents.
• Perform post event and incident analysis to prevent recurrence.
• Perform after action analysis to identify areas and opportunities of improvement to reduce the chance or impact of future events and incidents.
• Build/Define and standardize procedures and processes for triage methods.

Data Mining and Visualization

• Lead efforts to mine, normalize, and enrich security telemetry and log data for advanced analysis.
• Identify patterns and anomalies to support proactive threat detection and risk assessment.
• Develop and maintain detection content (e.g., correlation rules, anomaly models) to support threat hunting and incident response teams.
• Define and maintain key performance and risk indicators (KPIs/KRIs) for the security operations team.
• Translate technical findings into executive-level metrics and insights for the CISO and leadership.
• Provide foundational data sets and visualizations that enhance Incident Response, Threat Hunting, and Automation.

Proactive Threat Detection Engineering and Automation

• Validate detection coverage and identify gaps through purple teaming and continuous testing.
• Prioritize detection coverage based on risk, asset criticality, and threat landscape.
• Track detection coverage across tactics, techniques, and procedures (TTPs).
• Report on detection efficacy, alert volume trends, and automation impact.
• Automate triage and response actions for validated detections using SOAR playbooks.
• Reduce false positives through contextual enrichment, threshold tuning, and suppression logic.
• Build and maintain detection-as-code pipelines for version control, testing, and deployment.

Threat Hunting

• Build and execute regular threat hunting campaigns focused on current, emerging, and obscure tactics, techniques, and procedures.
• Proactively search for, identify, and analyze new and existing techniques to detect advanced and targeted threats.
• Utilize advanced threat hunting techniques to detect anomalies and suspicious activities that may indicate a compromise.
• Develop and maintain threat hunting playbooks, procedures, and best practices to enhance the efficiency and effectiveness of the threat hunting program.
• Collaborate with other cybersecurity professionals, including CDW’s Cybersecurity Services team to scale threat hunting outcomes and insights.

What we expect of you:

• Bachelor’s degree and 10 years of Incident Response and Security Data Intelligence experience, OR
• 14 years of Incident Response and Security Data Intelligence experience.
• Demonstrated experience developing cybersecurity platforms using CI/CD tools and practices.
• Demonstrated experience with threat intelligence platforms, SIEM, and other cybersecurity tools and technologies such as the following: Microsoft Defender, CrowdStrike XDR, Palo Alto XSIAM, Microsoft Sentinel, Microsoft Azure Active Directory, Splunk.
• Demonstrated experience and understanding of advanced threat hunting techniques, including the use of EDR tools, network traffic analysis, and other techniques.
• Experience with the Mitre ATT&CK framework and techniques.
• Excellent verbal and written communication skills, with the ability to effectively interact with all coworkers and stakeholders.   Strong analytical and problem-solving skills, with the ability to think strategically and creatively.
• Ability to prioritize work and handle multiple tasks simultaneously in a fast paced, diverse, and growth-oriented environment. 
• Curt and relevant cybersecurity certifications such as the following are a plus: GIAC Incident Handler (GCIH), GIAC Certified Forensic Analyst (GCFA), Microsoft Azure.

Pay range: $143,000 - $233,400 depending on experience and skill set
Annual bonus target of 15% subject to terms and conditions of plan
Benefits overview: https://cdw.benefit-info.com/
Salary ranges may be subject to geographic differentials #LI-SC3
 

We make technology work so people can do great things.     

CDW is a leading multi-brand provider of information technology solutions to business, government, education and healthcare customers in the United States, the United Kingdom and Canada. A Fortune 500 company and member of the S&P 500 Index, CDW helps its customers to navigate an increasingly complex IT market and maximize return on their technology investments. Together, we unite. Together, we win. Together, we thrive.

CDW is an equal opportunity employer. All qualified applicants will receive consideration for employment without regards to race, color, religion, sex, sexual orientation, gender identity, national origin, disability status, protected veteran status or any other basis prohibited by state and local law.