Principal Threat Detection & Response Operations

Fueled by our shared passion and expertise, CDW delivers innovative technology solutions for our customers. We’re also committed to fostering an environment that embraces collaboration, celebrates integrity, inclusivity, and individuality, and paves the path for personal and professional growth. Experience a life in balance and join us on the journey forward. 

Join CDW and help protect delivery of full stack technology solutions and global services for 250K+ customers—including corporate enterprise, government, education, and healthcare industries. You will be on a team dedicated to collaborative delivery of a new global information\ security strategy, operating model, and objectives to accelerate CDW’s business goals in a secure way.

Your role at CDW is of the utmost importance to the company’s mission, objectives, and reputation. As a Principal of Threat Detection Operations, you will play a pivotal role in identifying and analyzing cyber threat tactics, techniques, and procedures—ensuring proactive detection capabilities to aid the global threat detection and response mission. Your responsibilities include four parts:

What you will do:

Threat Detection and Response

• Provide technical guidance for the development/improvement of the corporate cybersecurity incident response plan.
• Develop incident response methodologies to triage cybersecurity events and incidents.
• Collaborate with other coworkers and teams to deploy cybersecurity countermeasures during cybersecurity events and incidents.
• Perform post event and incident analysis to prevent re-occurrence.
• Perform after action analysis to identify areas and opportunities of improvement to reduce the chance or impact of future events and incidents.

Proactive Threat Detection Engineering

• Lead the development of threat detection rules and use cases based on the latest threat intelligence and operational changes within CDW’s global technology ecosystem.
• Collaborate with cybersecurity coworkers to develop and implement effective defensive strategies against current and emerging threats.
• Provide technical guidance and mentorship to junior team members.
• Drive and guide purple team exercises to help test and improve detection capabilities.
• Develop and monitor metrics and key performance indicators to measure the effectiveness of the threat detection program.

Threat Hunting

• Build and execute regular threat hunting campaigns focused on current, emerging, and obscure tactics, techniques, and procedures.
• Proactively search for, identify, and analyze new and existing techniques to detect advanced and targeted threats.
• Utilize advanced threat hunting techniques to detect anomalies and suspicious activities that may indicate a compromise.
• Develop and maintain threat hunting playbooks, procedures, and best practices to enhance the efficiency and effectiveness of the threat hunting program.
• Collaborate with other cybersecurity professionals, including CDW’s
• Cybersecurity Services team to scale threat hunting outcomes and insights.

Threat Research and Reporting

• Conduct in-depth research and analysis of current and emerging cyber threats, including attack vectors, malware behavior, and procedural tactics, techniques, and procedures.
• Utilize Diamond Model and Kill Chain models to track threat actors group profiles, trends, and tradecraft.
• Develop high-quality threat insights that are relevant and actionable for CDW’s global security operations centers.
• Produce detailed threat analysis reports, threat briefs, and other publications that provide insights into the latest cyber threats and attack analytics.
• Collaborate with CDW’s Cybersecurity Services team to publish public threat reports, including themes, trends, and threat actor profiles.

What we expect of you: 

Education and/or Experience Qualifications?

• Bachelor’s Degree
• 10 years of experience

Required Qualifications  

Who you are:

• You thrive on making an impact—for your team, your company, and the industry.
• You are extremely hands-on with a passion for technology.
• You do not accept the status-quo, and always strive to improve.
• You are eager to learn and seek professional development continuously.
• You are resourceful, open-minded, analytical and enjoy solving complex problems.
• You are diligent and self-motivated.

What we are looking for:

• Strong understanding of advanced threat hunting techniques, including the use of EDR tools, network traffic analysis, and other techniques.
• Experience with threat intelligence platforms, SIEM, and other cybersecurity tools and technologies such as the following: Microsoft Defender, CrowdStrike XDR, Palo Alto XSOAR, Microsoft Sentinel, Microsoft Azure Active Directory, Splunk Enterprise Security.
• Strong analytical and problem-solving skills, with the ability to think strategically and creatively.
• Current and relevant cybersecurity certifications such as the following are a plus: GIAC Incident Handler (GCIH), GIAC Certified Forensic Analyst (GCFA), Microsoft Azure, etc.
• Experience with the Mitre ATT&CK framework and techniques.
• Excellent written and verbal communication skills

What you can expect from us:   
Diverse, award-winning culture and work/life benefits.

An inclusive culture that empowers you to bring your best true self and your best ideas. We know diverse perspectives lead to better problem solving and better solutions for our customers.  

A learning environment that empowers you to develop your career with comprehensive resources and support, ongoing education and skills-development training, and robust advancement opportunities.

Health, dental, and vision coverage; coworker stock purchase program; paid vacation time and sick days; tuition reimbursement; coworker discounts; and other generous perks. 

Who we are:  
We make technology work so people can do great things.

CDW is a Fortune 500 technology solutions provider to business, government, education, and healthcare organizations in the United States, Canada, and the United Kingdom. We help customers navigate and be successful in an ever-changing world by providing them with the technology advice and solutions they need—when, where, and how they need them. We make technology work so that people can do great things.  

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.