Incident Detection and Response Engineer

About the role:

As the Incident Detection & Response Engineer for TQL, you will design, build and maintain the systems, integrations and automation that power the organization’s incident detection and response capabilities. This role focuses on creating resilient, scalable tools and detection logic that enable the Security Operations Center (SOC) and Incident Response (IR) teams to detect and respond to threats faster and more effectively.

What’s in it for you:

• $95,000-$135,000 base + performance bonus 
• Position based in Cincinnati, OH; Charlotte, NC; or Tampa, FL (relocation assistance provided)
• Advancement opportunities with aggressive and structure career paths
• A culture of continuous education and technical training with reimbursements available
• Hybrid work environment with the ability to work remotely 40 hours per month
• Comprehensive benefits package
  • Health, dental and vision coverage
  • 401(k) with company match
  • Perks including employee discounts, financial wellness planning, tuition reimbursement and more
• Certified Great Place to Work and voted a 2019-2026 Computerworld Best Places to Work in IT

What you’ll be doing:

• Deploy, configure, and maintain SIEM platforms, intrusion detection systems, and other SOC tools
• Design and implement scalable detection logic and correlation rules in SIEM, EDR/XDR, and cloud-native security platforms
• Build data pipelines and integrations to enrich security telemetry from endpoints, networks, and cloud sources
• Ensure security monitoring tools collect accurate, actionable data
• Collaborate with incident responders to codify behavioral analytics and detection logic using MITRE ATT&CK and other models
• Create APIs, dashboards, and data visualizations to support threat hunting and incident triage
• Continuously improve tooling performance, reliability, and usability through feedback from incident responders
• Evaluate and integrate open-source and commercial security tools into the detection and response ecosystem
• Contribute to red/purple team exercises by building simulation and detection validation tooling
• Work with security leadership to define and track metrics for detection coverage, response time, alert fidelity, and tooling effectiveness
• Develop and maintain detection-as-code frameworks using version control and CI/CD pipelines

What you need:

• Bachelor’s degree in Computer Science, Software Engineering, or related field, or equivalent combination of education and experience
• Certifications such as GCDA, GCTI, or relevant cloud security credentials preferred
• 3+ years experience in incident response or security operations
• Experience managing and maintaining security solutions, SIEM, log ingestion pipelines, and API integrations
• Proficiency in Python, Go, Powershell, or similar languages used in security tooling
• Strong understanding of cloud-native architectures (Azure, AWS, GCP) and associated security services
• Familiarity with infrastructure-as-code (Terraform, Ansible) and CI/CD pipelines
• Solid grasp of detection engineering principles and adversary techniques (MITRE ATT&CK, kill chain)
• Knowledge of data streaming/search technologies (e.g., Kafka, Elasticsearch)

Employment visa sponsorship is unavailable for this position. Applicants requiring employment visa sponsorship now or in the future (e.g., F-1 STEM OPT, H-1B, TN, J1 etc.) will not be considered.