Jobs · Business Development · Colorado

Detection & Response Analyst II

Todyl · Denver, CO · 6 mo ago
On-siteBusiness Development$70k–$85k/yrFull-time

About the role

We are looking for a passionate Detection and Response Analyst II to join our Managed Extended Detection and Response (MXDR) team. In this role, you will have a direct impact on our partners' security, helping safeguard their systems and data. This position offers an exciting opportunity to work collaboratively, leverage cutting-edge security tools, and build your expertise in security operations and threat intelligence.

Key Responsibilities

  • Monitoring & Reporting: Actively monitor alerts and craft technical reports, describing the overall activity and root cause of the alert to our partners.
  • Collaborative Work: Work closely beside other members of the team to learn and share knowledge and collaborate on projects and incidents.
  • Automation & Tool Development: Independently contribute to internal projects, documentation, and develop new capabilities to automate security operations and enhance overall security.
  • Threat Hunting & Analysis: Support proactive threat-hunting exercises, analyze indicators of compromise (IOCs), and research malware threat families to anticipate and mitigate risks.
  • Incident Response: Assist in the triage and investigation of security incidents, working alongside the Detection Response Account Managers (DRAMS) or Threat Hunters, to determine root cause, scope, and impact of incidents. Ensure proper hand-off for incidents requiring containment and recovery.

Qualifications

  • Experience: 5+ years in cybersecurity, with 2+ years leading security monitoring, incident response, and detection engineering initiatives in enterprise environments.
  • Educational & Certifications: Advanced industry certifications (e.g., GCIH, GCFA, GREM, GCLD) strongly preferred. Bachelor's degree or equivalent experience required.
  • Operating System Knowledge: Advanced operational and forensic proficiency in Windows (required), with strong working knowledge of Linux and macOS environments. Ability to investigate host-level artifacts and perform command-line–driven analysis.
  • Network & Protocol Knowledge: Expert-level understanding of TCP/IP, authentication protocols (Kerberos, NTLM, OAuth, SAML), and common enterprise application protocols. Ability to analyze packet captures and network telemetry for threat detection.
  • Adversary & Threat Lifecycle Knowledge: Deep understanding of modern threat actor tradecraft aligned to frameworks such as MITRE ATT&CK. Ability to map telemetry to adversary behaviors across the full intrusion lifecycle.
  • Detection & Security Engineering: Demonstrated experience designing, tuning, and optimizing detections across SIEM, EDR, UEBA, and cloud security platforms. Proven ability to reduce false positives and increase signal fidelity.
  • Data Analysis & Telemetry: Strong capability in parsing and analyzing raw logs, Windows event data, network flow data, and endpoint telemetry to identify anomalous activity.
  • Automation & Development: Proficiency in scripting (Python, PowerShell, Bash) to automate detection, response, and investigative workflows. Experience building tools or pipelines that enhance security operations at scale.
  • Cloud & Identity Security: Strong experience securing and investigating cloud environments (M365, Okta, AWS, Azure, GCP), including identity abuse, token misuse, and cloud-native attack techniques.
  • Leadership & Collaboration: Experience leading complex investigations, mentoring junior analysts, and partnering cross-functionally with IT, engineering, and leadership teams.

Similar jobs