Cyber Threat Detection & Response Analyst
About the role
The Cybersecurity Threat Detection & Response (TDR) Analyst is responsible for implementing and supporting detection engineering and response enablement solutions. Working under the direction of senior engineers and in partnership with the SOC/CSIRT, this role helps onboard and normalize logs, build and tune detection rules, support alert triage and incident response, and maintain the health and performance of detection platforms (e.g., SIEM, EDR/XDR, SOAR). The TDR Analyst takes initiative to assist in planning and execution, performs assigned engineering tasks within defined scope and guidance, and follows established security policies, standards, and standard operating procedures. The engineer leverages internal and external research tools to understand threats and detections, documents work performed (use cases, runbooks, change records), and escalates risks or issues appropriately to support timely response and remediation.
Responsibilities
- Implement and maintain log/telemetry collection for security monitoring (endpoints, network devices, cloud services, identity systems, and applications) following documented standards and change-management procedures.
- Support SIEM and related detection platforms by onboarding data sources, validating parsing/normalization, maintaining data integrity, and monitoring platform health and capacity.
- Create, implement, and tune detection rules and alerts (SIEM/EDR/XDR) to improve fidelity and reduce noise; document logic, assumptions, and expected outcomes.
- Support alert triage and incident response by collecting logs/evidence, assisting with containment/eradication tasks, and coordinating engineering fixes (e.g., telemetry gaps, detection improvements) as directed.
- Assist with automation and orchestration use cases (SOAR/playbooks) to streamline repetitive response tasks; test and validate playbook changes in partnership with SOC/IR.
- Develop and execute test plans for detections and response workflows (use-case testing, regression checks); identify gaps and recommend enhancements to improve coverage and reliability.
- Work with security operations, infrastructure, and application teams to resolve telemetry issues, implement secure logging configurations, and support remediation of security findings.
- Stay current on threats and attacker techniques; leverage research tools and frameworks (e.g., MITRE ATT&CK fundamentals) to help map detections to common tactics and techniques.
- Perform other duties as assigned.
Minimum Requirements
- Degree or equivalent and typically requires 4+ years of relevant experience
Requirements
- 4+ years of experience in cybersecurity and/or IT operations with exposure to security monitoring, detection engineering, incident response, or SOC-supporting engineering (internship/co-op experience
- Experience supporting or implementing monitoring/detection tooling such as SIEM, EDR, IDS/IPS, logging agents/collectors, or vulnerability scanners; ability to validate data collection and basic alert behavior.
- Ability to follow change management processes, document work, and meet SLA expectations for assigned tasks, tickets, and detection tuning requests.
- Demonstrated willingness to learn threat concepts, detection engineering practices, and internal tooling; participates in training, tabletop exercises, and continuous improvement activities.
- Working knowledge of security monitoring technologies such as SIEM, EDR/XDR, IDS/IPS, firewalls, and threat intelligence feeds; familiarity with ticketing/case management workflows.
- Experience onboarding or supporting log sources and telemetry pipelines (e.g., Windows/Linux logs, network device logs, cloud logs) including basic parsing/normalization concepts.
- Ability to follow runbooks and documented procedures, troubleshoot collection/detection issues, and document changes clearly (use cases, tickets, runbooks, change records).
- Foundational understanding of incident response concepts and security telemetry triage; ability to support investigations by gathering evidence and coordinating with SOC/IR teams.
- Strong collaboration and communication skills; able to escalate issues appropriately and work effectively with diverse teams, including SOC analysts, incident respo
Additional Information
McKesson is an impact-driven, Fortune 10 company that touches virtually every aspect of healthcare. We are known for delivering insights, products, and services that make quality care more accessible and affordable. Here, we focus on the health, happiness, and well-being of you and those we serve - we care. What you do at McKesson matters. We foster a culture where you can grow, make an impact, and are empowered to bring new ideas. Together, we thrive as we shape the future of health for patients, our communities, and our people. If you want to be part of tomorrow's health today, we want to hear from you.

Cyber Threat Detection & Response Analyst
Location: Richmond, VA, USA - 9954 Mayland Drive (on-site)