Detection & Response Analyst II

Augusta, GA, USA
In-Office
70K-85K Annually
Senior level
Cloud • Security
Todyl is a comprehensive networking and security platform (SASE+SIEM+GRC) built for MSP/MSSPs.
The Role
Monitor alerts, triage and investigate security incidents, perform threat hunting and IOC analysis, develop automation and detection tooling, produce technical reports, and collaborate with MXDR team and partners to determine root cause, scope, and remediation.

Senior Detection and Response Analyst

About Us

At Todyl, we are on a mission to protect small and medium-sized businesses from ever-changing cyber threats. The Todyl platform fully integrates threat, risk, and compliance management to provide exceptional and affordable unified cybersecurity solutions to MSPs (Managed Service Providers) and their end customers.

At the end of the day, we’re here to keep our partners and customers safe and help them manage the risks and comply with regulations. Protecting others requires a team that works together with trust and cares deeply about carrying out our mission.

About the Role

We are looking for a passionate Detection and Response Analyst II to join our Managed Extended Detection and Response (MXDR) team. In this role, you will have a direct impact on our partners’ security, helping safeguard their systems and data. This position offers an exciting opportunity to work collaboratively, leverage cutting-edge security tools, and build your expertise in security operations and threat intelligence.

This role reports to the Director of MXDR. Todyl has an in-office team, and this role is for our Augusta, GA or Denver, CO office. Additionally, this role is for either our evening (4PM – 2AM EST) or overnight (12AM – 10AM) shifts.

Key Responsibilities

  • Monitoring & Reporting: Actively monitor alerts and craft technical reports for our partners describing the overall activity and root cause of each alert.

  • Collaborative Work: Work closely with other members of the team to learn, share knowledge, and collaborate on projects and incidents.

  • Automation & Tool Development: Independently contribute to internal projects and documentation, and develop new capabilities to automate security operations and enhance overall security.

  • Threat Hunting & Analysis: Support proactive threat-hunting exercises, analyze indicators of compromise (IOCs), and research malware threat families to anticipate and mitigate risks.

  • Incident Response: Assist in the triage and investigation of security incidents, working alongside the Detection Response Account Managers (DRAMS) or Threat Hunters, to determine root cause, scope, and impact of incidents. Ensure proper hand-off for incidents requiring containment and recovery.

Qualifications

Values Fit

  • Extreme ownership, particularly when things go wrong or aren’t completed on time.

  • Intrinsic drive for growth; self-motivated, always learning, and focused on raising the bar for self and team.

  • Strong bias for action with impact; make tough decisions quickly, measure results, and iterate with clarity to move the mission forward.

  • Comfort with ambiguity and change; embrace change and uncertainty as part of startup life.

  • Humility and purpose over ego: acknowledge mistakes, learn from others, and embrace feedback while putting the mission first.

Who You Are

  • Experience: 5+ years in cybersecurity, with 2+ years leading security monitoring, incident response, and detection engineering initiatives in enterprise environments.

  • Education & Certifications: Advanced industry certifications (e.g., GCIH, GCFA, GREM, GCLD) strongly preferred. Bachelor's degree or equivalent experience required.

  • Operating System Knowledge: Advanced operational and forensic proficiency in Windows (required), with strong working knowledge of Linux and macOS environments. Ability to investigate host-level artifacts and perform command-line–driven analysis.

  • Network & Protocol Knowledge: Expert-level understanding of TCP/IP, authentication protocols (Kerberos, NTLM, OAuth, SAML), and common enterprise application protocols. Ability to analyze packet captures and network telemetry for threat detection.

  • Adversary & Threat Lifecycle Knowledge: Deep understanding of modern threat actor tradecraft aligned to frameworks such as MITRE ATT&CK. Ability to map telemetry to adversary behaviors across the full intrusion lifecycle.

  • Detection & Security Engineering: Demonstrated experience designing, tuning, and optimizing detections across SIEM, EDR, UEBA, and cloud security platforms. Proven ability to reduce false positives and increase signal fidelity.

  • Data Analysis & Telemetry: Strong capability in parsing and analyzing raw logs, Windows event data, network flow data, and endpoint telemetry to identify anomalous activity.

  • Automation & Development: Proficiency in scripting (Python, PowerShell, Bash) to automate detection, response, and investigative workflows. Experience building tools or pipelines that enhance security operations at scale.

  • Cloud & Identity Security: Strong experience securing and investigating cloud environments (M365, Okta, AWS, Azure, GCP), including identity abuse, token misuse, and cloud-native attack techniques.

  • Leadership & Collaboration: Experience leading complex investigations, mentoring junior analysts, and partnering cross-functionally with IT, engineering, and leadership teams.

What We Offer

  • Health & Wellbeing

    • Medical, dental, and vision coverage for you and your family

    • HSA/FSA options

    • Life insurance and short- and long-term disability coverage

  • Financial & Future

    • Competitive 401(k) to invest in your future

    • Short- and long-term disability coverage for when life gets unpredictable

  • Flexibility & Time Off

    • Hybrid work schedule

    • Flexible PTO + 13 company holidays

    • Generous parental leave

Skills Required

  • 5+ years in cybersecurity, including 2+ years leading security monitoring, incident response, and detection engineering initiatives
  • Bachelor's degree or equivalent experience
  • Advanced industry certifications (GCIH, GCFA, GREM, GCLD)
  • Advanced operational and forensic proficiency in Windows host analysis
  • Strong working knowledge of Linux and macOS for forensic and command-line analysis
  • Expert understanding of TCP/IP, authentication protocols (Kerberos, NTLM, OAuth, SAML), and packet capture analysis
  • Experience designing, tuning, and optimizing detections across SIEM, EDR, UEBA, and cloud security platforms
  • Proficiency in scripting to automate detection and response (Python, PowerShell, Bash)
  • Experience parsing and analyzing raw logs, Windows event data, network flow data, and endpoint telemetry
  • Experience securing and investigating cloud environments and identity platforms (M365, Okta, AWS, Azure, GCP)
  • Deep knowledge of adversary tradecraft and mapping telemetry to MITRE ATT&CK
  • Experience leading complex investigations, mentoring analysts, and collaborating cross-functionally
  • Ability to work in-office in Augusta, GA or Denver, CO and work evening (4PM-2AM EST) or overnight (12AM-10AM) shifts

The Company

What We Do

Todyl consolidates networking and security into a single cloud-native platform for managed service providers (MSPs) serving small and medium-sized businesses (SMBs). Our platform takes the complexity and cost out of enterprise-grade networking and security, empowering our partners to deliver comprehensive connectivity, protection, and compliance.
