Job Closed
This listing is no longer active.
Cybersecurity Ops – Incident Response Manager
Location
United States
Posted
83 days ago
Salary
$162.7K - $195.2K / year
Seniority
Lead
Job Description
Cybersecurity Ops – Incident Response Manager
Coastal
• Stand up and lead a lean, highly efficient, and automation-driven Security and Threat Operations team, including hiring, coaching, and career development of analysts and engineers.
• Establish operating rhythms (standups, metrics reviews, post-incident retrospectives) and standard operating procedures for response, containment, eradication, and recovery.
• Build and maintain a Security and Threat Operations strategy in coordination with the CISO and other stakeholders, including software engineering, data engineering, and IT.
• Develop and report on KPIs and KRIs for the Security and Threat Operations function.
• Align SecOps processes to FFIEC/GLBA expectations and industry frameworks (NIST CSF and Cyber Risk Institute Profile).
• Prepare evidence for audits/exams; provide clear, actionable metrics and board-level reporting on SOC performance, incident trends, control coverage, and risk reduction.
• Partner with Legal, Compliance, Privacy, and Third-Party Risk on obligations and notifications.
• Coach analysts on analytical rigor, bias reduction, and structured investigations.
• Promote a blameless, learning-oriented culture that prizes speed, accuracy, and craftsmanship.
• Own SIEM/SOAR strategy and daily operations; drive log onboarding, normalization, and high-fidelity detections across the entire technology landscape.
• Serve as incident response commander for high-severity incidents; coordinate cross-functional responders in Infrastructure, IT, Engineering, Legal, and Compliance.
• Build, maintain, and continuously improve standard operating procedures (SOPs), runbooks, and playbooks.
• Maintain and exercise incident response plans through tabletop and similar activities.
• Mature evidence handling, forensics workflows, and case management; ensure accurate timelines and regulator-ready documentation.
• Drive post-incident reviews with measurable corrective actions (people/process/technology) and executive readouts.
• Own the vulnerability management lifecycle, ensuring coverage of vulnerability discovery, triage, and management across servers, endpoints, network, cloud subscriptions, containers/images, and custom APIs.
Job Requirements
- Demonstrated success operating in hybrid environments spanning on-prem AD, Entra ID (Azure AD), Okta, Azure, Microsoft 365, Zscaler, and containerized workloads/APIs.
- Hands-on expertise with SIEM/SOAR, EDR, log pipelines, and detection content development including tuning and QA.
- Proven incident commander for high-impact events; adept with forensics, scoping, containment, and executive communication.
- Strong vulnerability management leadership across technology areas, including risk-based prioritization and remediation orchestration.
- Familiarity with MITRE ATT&CK, cyber kill chain, and threat-led validation (purple teaming).
- Experience managing outsourced SOC/MSSP providers with measurable improvements to signal quality and response times.
- Excellent communication skills—able to translate technical risks into business terms and influence across stakeholders.
- Familiarity with scripting or automation tools (e.g., Python, TypeScript) to streamline operations processes.
- 8+ years in Security Operations, Incident Response, Detection Engineering, or Threat Hunting.
- 3+ years leading teams or programs.
- Bachelor’s degree in Information Security, Computer Science, or related field, or equivalent practical experience.
- Prior experience in a regulated environment (finance, healthcare, etc.) is strongly preferred.
Benefits
- Medical Coverage: Choose from three competitive medical plans to find the coverage that best fits your needs and lifestyle.
- Health Savings Account (HSA): Available with eligible medical plans, offering tax advantages and employer contributions.
- Flexible Spending Accounts (FSA): Options for healthcare and dependent care expenses to help you save on out-of-pocket costs.
- Dental and Vision Insurance: Plans to keep you and your family smiling and seeing clearly.
- Life Insurance: Company-paid basic life insurance with options to purchase additional coverage for yourself and your dependents.
- Long-Term/Short-Term Disability (LTD/STD): Income protection in the event of a long-term illness or injury.
- Supplemental Benefits: Including Hospital Indemnity, Accident Insurance, and Critical Illness coverage to provide extra financial support when you need it most.
- 401(k) Retirement Plan: A competitive retirement savings plan with company matching to help you plan for the future.
- Paid Time Off: Generous vacation and sick leave policies to support your time away from work.
- Holidays: Enjoy 11 paid holidays throughout the year.
More Security Operations Jobs
• Act as a subject matter expert for GCP cloud security
• Design, configure, and optimize Google Security Command Center (SCC)
• Monitor and investigate security events using GCP audit logs
• Identify misconfigurations and data exfiltration risks
• Correlate findings with CNAPP, endpoint, and SIEM data sources
• Identify attack paths across complex GCP environments
• Assist with the development of automated response playbooks
• Lead cloud-native incident response activities
• Perform cloud forensics to analyze identity activity
• Produce investigation reports and post-incident recommendations
• Provide architectural guidance on secure GCP design
• Partner with engineering teams to embed security controls
SOC Team Lead
Tyto Athene
Tyto Athene is a trusted leader in IT services and solutions, delivering mission-focused digital transformation that drives measurable success. Our expertise spans four core technology domains—Network Modernization, Hybrid Cloud, Cybersecurity, and Enterprise IT—empowering our clients with cutting-edge solutions tailored to their evolving needs. With over 50 years of experience, Tyto Athene proudly supports Defense, Intelligence, Space, National Security, Civilian, Health, and Public Safety clients across the United States and worldwide. At Tyto Athene, we believe that success starts with our people. We foster a collaborative, innovative, and mission-driven environment where every team member plays a critical role in shaping the future of technology. Are you ready to join #TeamTyto?
Role Description
Tyto Athene is searching for a Security Operations Center (SOC) Team Lead for an exciting opportunity that combines project management and customer success roles.
- Team Lead for a SOC team including watch floor analysts, engineers, threat hunters, incident responders, and cyber threat analysts.
- Provide guidance and direction to the SOC team to ensure execution and delivery of team tasks, requirements, and projects.
- Lead customer onboarding to include developing schedules, tracking deliverables, creating slide decks, briefing the customer, and guiding customers through the onboarding process.
- Build and maintain strong relationships with customers, acting as the primary point of contact for the customers.
- Answer customer requests, schedule customer meetings, coordinate any engineering work or responses needed, and organize and deliver any necessary documentation to customers.
- Perform weekly and monthly reviews and ensure communication plans and vital customer information are updated.
- Work with the SOC team to develop and deliver an annual customer health check for each customer.
- Serve as the liaison and advocate for the customer with the SOC team.
- Work with customers and the SOC team to create success plans tailored to customer-specific goals and objectives, monitoring progress towards achieving desired outcomes.
- Collect onboarding and annual health check feedback from each customer.
- Organize, schedule, and finalize any lessons learned as required by the SOC.
- Develop new and innovative ideas to enhance customer service and customer value.
- Track and monitor all SOC team projects' progress and performance, including running daily engineering standups.
- Work with the SOC team on customer case issues, updates, and overall quality.
- Interface with the client’s senior management personnel, including briefings up to CIO/CISO level.
- Leverage industry knowledge, best practices, lessons learned, and stakeholder feedback to develop, implement, and continuously improve all services offered under the SOC.
- Guide and mentor team members.
- Work closely with the SOC Manager to function as the single point of coordination and accountability, ensuring that all technical work, communications, and decision-making remain aligned, timely, and defensible.
- Maintain awareness of emerging cyber threats and vulnerabilities.
- Lead the development and distribution of threat summaries, vulnerability notices, and flash threat emails.
- Create and distribute vulnerability reports as needed.
- Must have the ability to work in a dynamic environment and flexibly adapt to changing conditions.
- Must have a high degree of originality, creativity, and initiative, requiring minimal supervision.
Qualifications
- Bachelor's degree (or an additional 4 years of related experience).
- Minimum three (3) years of experience managing projects.
- Strong leadership, written and verbal communication, and analytic and problem-solving skills.
- Knowledge of SOC operations.
Requirements
- Experience interfacing with and managing customers.
- Active program management certification (e.g., PMP).
- Active advanced cybersecurity certification (e.g., CISSP).
- Agile experience and certifications are a plus.
- Other relevant IT certifications are a plus.
- Public Trust/Criminal Background clearance.
Benefits
- Health/Dental/Vision.
- 401(k) match.
- Paid Time Off.
- STD/LTD/Life Insurance.
- Referral Bonuses.
- Professional development reimbursement.
- Parental leave.
Cyber Security Operations Analyst IV
TalentWerx
Speed, Accuracy, and Cost savings... experience the TalentWerx difference.
• Provide expert-level cybersecurity support across cloud and enterprise computing environments
• Apply advanced knowledge of cybersecurity concepts, processes, practices, and procedures to perform technical assignments and ensure the protection of systems, networks, and data
• Support the integration and implementation of secure computer system solutions aligned with organizational security policies and mission requirements
• Work with engineering and infrastructure teams to evaluate security requirements, identify vulnerabilities, and recommend mitigation strategies to strengthen the overall security posture
• Weigh business needs against cybersecurity risks and clearly communicate security implications to both technical and non-technical stakeholders
Daylight is building managed agentic security services for modern security operations teams. Our platform combines AI-native technology with world-class security experts to monitor, detect, and investigate threats at a scale traditional SOCs can’t match. We’re a 40-person cybersecurity startup that recently emerged from stealth with strong Series A backing. Our R&D and product teams are based in Tel Aviv, and we’re now building our go-to-market presence in the US. Our investors include the founders of Wiz, Cyera, and Eon - people who helped build the cloud security category.
Enterprises today are overwhelmed by alerts, tool sprawl, and a global shortage of security talent. Daylight was built to change that. We combine AI and human expertise to deliver faster, smarter investigations and real 24/7 security coverage for large organizations.
The Role
You’ve worked in a SOC. You’ve triaged alerts, built detections, and investigated incidents. You know what real investigations look like, and you know how much vendor messaging misses the mark. As Security Operations Advocate, you’ll bring the practitioner voice to Daylight. You’ll create technical content, explain how our technology works, and engage directly with the security community. Your audience is security operations professionals, detection engineers, and security leaders who want substance, not hype. You’ll work closely with our marketing, product, R&D, and SOC teams to translate real investigations and product capabilities into content that practitioners respect.
What you’ll do:
- Investigation walkthroughs - building deep-dive content that shows how Daylight's AI investigates real incidents, step by step, in a way that practitioners find genuinely impressive
- Product demos and YouTube content - recording product walkthroughs, feature explainers, and commentary on SecOps trends
- Product announcements - translating what product and R&D are building into product announcements focused on our audience
- Speaking and events - representing Daylight at industry conferences, security meetups, and customer events; you'll be one of our faces on stage
- Webinars & round tables - hosting and co-presenting technical webinars with customers and partners
- LinkedIn and Reddit - building a presence where practitioners and detection engineers spend time; participating authentically in conversations
- Influencer and peer relationships - building relationships with respected voices in the security practitioner community
- Practitioner enablement content - supporting sales with materials that can stand up to scrutiny from technical buyers
What this actually looks like week-to-week:
- Recording an investigation walkthrough video with one of our security analysts and turning it into a YouTube video and a blog post
- Sitting in on a product sprint review to understand what's shipping next and drafting the announcement content
- Posting on LinkedIn not as a brand but as someone with real expertise and a point of view
- Presenting at a regional security meetup or submitting a talk proposal to a conference like SANS, BSides, and more
- Jumping into a Reddit thread where practitioners are discussing MDR and contributing something actually worth reading
- Hopping on a call with a customer who's willing to do a webinar or a case study, and helping turn that into something compelling
You're the right fit if:
1. You have the practitioner's credibility: You've built detection logic, worked with SIEMs, or run triage workflows, and you have strong opinions about it all.
2. You want to create, not just do: You've created content before (blog posts, conference talks, videos, threads) because you wanted to share your POV with the community.
3. You're energized by community: You already participate in security practitioner communities or want to do so: LinkedIn, Reddit, Discord, Slack groups, conferences.
4. You're comfortable being early: There's no playbook for this role. You'll build it, and that’s great for you. You're okay not having every resource you need from day one.
You're NOT the right fit if:
- You've never worked in a SOC or security operations environment.
- You want to be on stage only: you're not interested in working with the product team on announcements or helping the broader marketing team articulate our differentiation.
- You're uncomfortable being on camera or on stage: you want to stay behind the scenes and are not excited about building a public presence.
- You need a large team and established process to be effective.
Requirements
- 3+ years in a hands-on security operations role: SOC analyst, detection engineer, threat hunter, or similar.
- Comfort presenting technical content in front of live or recorded audiences.
- Some evidence of public presence: a conference talk, a blog, a LinkedIn following, community contributions - even early-stage.
- Strong written English; the ability to translate technical depth into content that practitioners actually want to read.
- Startup or fast-moving environment experience is a big plus.
- Prior experience in a security practitioner-to-advocate transition is a plus, but not required - we'll help you make the shift.