Job Closed
This listing is no longer active.
Digital asset market makers building scalable, self-adaptive technologies to support efficient markets.
SOC Analyst, Level 1
Location
California | Florida | Illinois | New Jersey | New York
Posted
129 days ago
Salary
0
Seniority
Senior
Job Description
SOC Analyst, Level 1
Keyrock
• 24/7 monitoring and alert triage across SIEM/EDR/cloud security tooling; identify false positives vs. credible threats and set appropriate severity.
• Initial investigation and enrichment: gather relevant logs/telemetry, add context, and document findings clearly in the case/ticketing system.
• Escalation and coordination: escalate confirmed/suspected incidents quickly and cleanly to L2/IR with a complete handoff (timeline, scope, IOCs, actions taken).
• Runbook execution: follow SOPs for common events (phishing, suspicious logins, endpoint detections, cloud key/token risk, malware alerts, data exfiltration signals), including containment actions you are authorized to perform.
• Threat-aware analysis: map alerts to adversary behaviors (e.g., MITRE ATT&CK techniques) to improve understanding and escalation quality.
• Operational hygiene: maintain accurate shift handovers, update watchlists and investigation notes, and identify recurring alert patterns for tuning recommendations.
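The triage loop described above (suppress known false positives, enrich with surrounding events, map to an ATT&CK technique, set severity, hand off with timeline/scope/IOCs/actions) as an added, self-contained example. This is illustrative code written for this page, not Keyrock's tooling; the alert records, the scanner allowlist and the alert-type-to-technique table are constructed and hypothetical.

```python
"""Added example (not Keyrock's code): triage constructed SIEM-style alerts,
suppress a known false positive, map each credible alert to a MITRE ATT&CK
technique, set a severity, and build an escalation-ready L2/IR handoff.
Alert fields, allowlist and technique table are hypothetical."""
from dataclasses import dataclass, field

# Constructed sample alerts as a SIEM might export them (not real telemetry).
SAMPLE_ALERTS = [
    {"ts": "2024-05-01T02:14:00Z", "source": "idp", "type": "login_failure",
     "user": "alice", "src_ip": "203.0.113.7", "count": 25},
    {"ts": "2024-05-01T02:16:30Z", "source": "idp", "type": "login_success",
     "user": "alice", "src_ip": "203.0.113.7", "country": "RO"},
    {"ts": "2024-05-01T02:20:00Z", "source": "edr", "type": "process",
     "host": "wk-0142", "user": "alice", "cmd": "powershell -enc SQBFAFgA...",
     "sha256": "a" * 64},
    {"ts": "2024-05-01T09:00:00Z", "source": "idp", "type": "login_failure",
     "user": "svc-scan", "src_ip": "10.0.5.9", "count": 200},
]

# Hypothetical tuning rule: the scanner service account from the scanner
# subnet fails logins all day; it is a known false positive, not a threat.
ALLOWLIST = {("svc-scan", "10.0.5.9")}

# Hypothetical mapping: alert type -> (ATT&CK technique ID, name, base severity).
ATTACK_MAP = {
    "login_failure": ("T1110", "Brute Force", "low"),
    "login_success": ("T1078", "Valid Accounts", "medium"),
    "process": ("T1059.001", "PowerShell", "high"),
}
SEV_ORDER = {"low": 0, "medium": 1, "high": 2}


@dataclass
class Finding:
    ts: str
    technique: str
    name: str
    severity: str
    summary: str
    iocs: set = field(default_factory=set)


def is_false_positive(alert):
    """Known-benign (user, source IP) pairs are suppressed rather than escalated."""
    return (alert.get("user"), alert.get("src_ip")) in ALLOWLIST


def triage(alert, prior):
    """Return a Finding for a credible alert, or None if suppressed.
    `prior` is the list of earlier alerts, used for enrichment."""
    if is_false_positive(alert):
        return None
    tid, name, sev = ATTACK_MAP[alert["type"]]
    iocs = {v for k, v in alert.items() if k in ("src_ip", "sha256")}
    summary = f"{alert['source']}: {alert['type']} for {alert.get('user')}"
    # Enrichment: a successful login right after a burst (>=10) of failures
    # from the same IP is credible account compromise, so raise severity.
    if alert["type"] == "login_success":
        bursts = [p for p in prior if p["type"] == "login_failure"
                  and p.get("src_ip") == alert.get("src_ip") and p["count"] >= 10]
        if bursts:
            sev = "high"
            summary += " after failed-login burst from same IP"
    return Finding(alert["ts"], tid, name, sev, summary, iocs)


def build_handoff(alerts):
    """Triage alerts in time order and produce the L2/IR handoff record:
    overall severity, techniques, timeline, scope, IOCs, actions taken."""
    findings, seen = [], []
    for alert in sorted(alerts, key=lambda a: a["ts"]):
        finding = triage(alert, seen)
        seen.append(alert)
        if finding:
            findings.append(finding)
    if not findings:
        return None  # nothing credible: close as false positive, no escalation
    top = max(findings, key=lambda f: SEV_ORDER[f.severity])
    actions = []
    if top.severity == "high":
        actions.append("Escalate to L2/IR; request host isolation per runbook")
    return {
        "severity": top.severity,
        "techniques": sorted({f.technique for f in findings}),
        "timeline": [f"{f.ts} {f.technique} {f.summary}" for f in findings],
        "scope": sorted({a.get("host") or a.get("user")
                         for a in alerts if not is_false_positive(a)}),
        "iocs": sorted(set().union(*(f.iocs for f in findings))),
        "actions_taken": actions,
    }


if __name__ == "__main__":
    import json
    print(json.dumps(build_handoff(SAMPLE_ALERTS), indent=2))
```

Running the block prints a handoff with severity "high", three techniques (T1059.001, T1078, T1110), a three-entry timeline, and the scanner account absent from scope and IOCs. The design point is that severity is set from enriched context (the success-after-burst pattern), not from the base alert type alone, and that tuning lives in an explicit allowlist rather than in analysts' heads.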
Job Requirements
- 0–2 years in a SOC / security monitoring / IT operations role (or equivalent hands-on experience, internships, labs).
- Practical knowledge of security fundamentals: networking, DNS, HTTP(S), identity/authentication, and malware basics.
- Familiarity with log investigation and event triage concepts.
- Familiarity with common security tools and workflows (any of the following): SIEM (Splunk/Elastic/Sentinel), EDR (CrowdStrike/Defender), ticketing (Jira/ServiceNow), basic SOAR concepts.
- Strong written communication: produce clear, escalation-ready tickets and timelines.
- Ability to work rotating shifts/on-call (as required), including weekends/holidays depending on coverage model.
Benefits
- Work in a fast-moving, globally distributed environment shaping the future of digital financial markets.
- A culture that expects ownership, learning, and continuous improvement.
More Security Operations Jobs
SOC Analyst I
Sentinel Blue
Enterprise cybersecurity for small and medium businesses | Specialize in defense and federal | Ask us about CMMC/DFARS
• Continuously monitor the Security Information and Event Management (SIEM) dashboard and leverage security tools to detect potential security incidents and anomalies in real time.
• Analyze incoming alerts to determine their relevance and urgency; effectively distinguish between false and true positives to prioritize response efforts.
• Conduct investigations by gathering context and other relevant logs to understand the scope of an alert.
• Strictly adhere to established Service Level Agreements (SLAs), Incident Response (IR) playbooks and Standard Operating Procedures (SOPs) to ensure consistent and compliant handling of security events.
• Create, update, and manage tickets in our case management system, ensuring all investigative steps, communications, and findings are thoroughly documented.
• Identify and escalate complex or high-severity incidents to Tier II or the Incident Response Team, providing clear details and a comprehensive summary of initial findings.
• Perform basic remediation actions, such as blocking indicators and isolating compromised hosts, when authorized by SOPs or directed by senior personnel.
• Demonstrate excellent verbal and written communication skills when communicating with team members, clients, and/or stakeholders.
• Contribute to the team's knowledge base, creating or updating articles, SOPs, and/or playbooks when new trends or resolution methods are identified.
Security Operations Engineer
Calendly
The scheduling automation platform for eliminating the back-and-forth emails to find the perfect time, and so much more
• Collaborating with Security Operations Center (SOC) team members to monitor, detect, and respond to cybersecurity threats in a timely manner.
• Responding to cybersecurity incidents from identification through resolution.
• Developing and maintaining up-to-date knowledge of the threat landscape, as well as advancements in cybersecurity technologies and methodologies.
• Identifying, configuring and onboarding security telemetry sources/logs in support of threat detection and incident response.
• Collaborating with Engineering and SRE to identify and mitigate logging deficiencies.
• Developing new detection scenarios and queries to broaden and deepen the team's detection coverage.
• Tuning and continuously improving existing detection queries to increase signal-to-noise ratio, and ensure our detections remain relevant and functional.
• Executing and improving incident response protocols and procedures to swiftly and effectively manage security incidents.
• Identifying, developing and maintaining automation solutions to increase the efficiency and effectiveness of the team.
• Integrating various security and IT tools to enhance threat detection, incident response, and operational efficiency.
• Conducting regular security assessments, threat hunts, and continuous monitoring to identify vulnerabilities, opportunities for posture enhancements and better incident preparedness.
• Collaborating with Engineering, IT and other departments to support the implementation and evangelization of established cybersecurity best practices across the organization.
• Leveraging Jira for creating and managing dashboards, reports, and metrics that support cybersecurity operations and decision-making.
Staff Security Engineer – SecOps, Threat
6sense
6sense Revenue AI™ reimagines the way revenue teams create, manage and convert pipeline into revenue.
• Execute on milestones for end-to-end SecOps & Threat initiatives in accordance with the Security roadmap.
• Identify and respond to complex security incidents, including system compromise, intrusion attempts, and/or denial of service attacks, by conducting continuous monitoring, vulnerability assessments, and log analysis.
• Engage vendors, Infrastructure, IT, GRC, Cloud, and Application Security teams as required to validate alerts, ensure incident resolution, and perform root cause analysis.
• Research emerging threats, publicly disclosed vulnerabilities or attack vectors, and proactively push mitigating controls to products and services.
• Perform security forensics.
• Build security tools and advanced automation that enable the 6sense Security Team to operate at speed and scale.
• Propose, plan, lead, and execute threat exercises based on current security trends, advisories, publications, and academic research.
• Mentor engineers across Information Security to drive security controls and risk remediation.
• Communicate risks and mitigations across multiple audiences with varying levels of sensitivity.
• Execute on quarterly individual Key Results that support team Objectives (OKRs).
• Act as the primary technical escalation point for complex operational issues across SIEM and continuous monitoring programs, ensuring quick and effective resolutions.
• Maintain and optimize critical security systems, including SIEM platforms (e.g., Splunk, ELK, SumoLogic, Sentinel), vulnerability management and scanning tools (e.g., Nessus, Qualys, Tenable), and Anti-Virus/EDR solutions (Trend Micro Deep Security Manager, Microsoft Defender, CrowdStrike).
• Oversee continuous monitoring activities for FedRAMP and other compliance programs, including vulnerability scanning, configuration management, security control validation, and compliance artifact generation.
• Monitor and improve the team's use of automation and monitoring tools to drive operational efficiency across both SIEM and vulnerability management workflows.
• Analyze and resolve system performance issues, ensuring compliance with FedRAMP, SOC, HIPAA, and other security/operational standards.
• Participate in incident response, threat hunting, and post-mortem analysis to identify root causes and prevent recurrence.
• Manage a team of engineers across SIEM operations and continuous monitoring (vulnerability management) functions, fostering a high-performing and engaged team culture.
• Mentor and support the professional growth of engineers through training, feedback, and career development planning.
• Assist with hiring, onboarding, and retention to ensure team stability and growth.
• Oversee day-to-day delivery of security services, ensuring operational consistency and high-quality outcomes for both SIEM and continuous monitoring programs.
• Track and optimize key metrics such as incident response times, vulnerability remediation rates, false positive reduction, operational efficiency, and compliance posture.
• Develop and refine processes for incident response, vulnerability remediation, continuous monitoring reporting, and compliance documentation.
• Work with cross-functional teams, including consulting teams, SREs, and professional services teams, to improve service delivery and client satisfaction.