Job Closed

This listing is no longer active.

Coalfire

Cyber solutions that move you forward, faster.

Senior Technical Manager, Security Operations

Security Operations · Other · Remote · Senior · Team 1,001-5,000 · Since 2001 · H1B Sponsor

Location

United States

Posted

129 days ago

Salary

$94K - $163K / year

Seniority

Senior

Bachelor Degree · 7 yrs exp · English · AWS · Azure · GCP · Splunk

Job Description

Senior Technical Manager, Security Operations

Coalfire

  • Act as the primary technical escalation point for complex operational issues across SIEM and continuous monitoring programs, ensuring quick and effective resolutions.
  • Maintain and optimize critical security systems, including SIEM platforms (e.g., Splunk, ELK, SumoLogic, Sentinel), vulnerability management and scanning tools (e.g., Nessus, Qualys, Tenable), and Anti-Virus/EDR solutions (Trend Micro Deep Security Manager, Microsoft Defender, Crowdstrike).
  • Oversee continuous monitoring activities for FedRAMP and other compliance programs, including vulnerability scanning, configuration management, security control validation, and compliance artifact generation.
  • Monitor and improve the team's use of automation and monitoring tools to drive operational efficiency across both SIEM and vulnerability management workflows.
  • Analyze and resolve system performance issues, ensuring compliance with FedRAMP, SOC, HIPAA, and other security/operational standards.
  • Participate in incident response, threat hunting, and post-mortem analysis to identify root causes and prevent recurrence.
  • Manage a team of engineers across SIEM operations and continuous monitoring (vulnerability management) functions, fostering a high-performing and engaged team culture.
  • Mentor and support the professional growth of engineers through training, feedback, and career development planning.
  • Assist with hiring, onboarding, and retention to ensure team stability and growth.
  • Oversee day-to-day delivery of security services, ensuring operational consistency and high-quality outcomes for both SIEM and continuous monitoring programs.
  • Track and optimize key metrics such as incident response times, vulnerability remediation rates, false positive reduction, operational efficiency, and compliance posture.
  • Develop and refine processes for incident response, vulnerability remediation, continuous monitoring reporting, and compliance documentation.
  • Work with cross-functional teams, including consulting teams, SREs, and professional services teams, to improve service delivery and client satisfaction.

Job Requirements

  • 7+ years of hands-on experience in technical roles, such as engineering or operations.
  • Proven ability to manage operational processes and handle escalations.
  • Experience balancing individual contributor work with team oversight.
  • Strong technical expertise with SIEM platforms (e.g., Splunk, ELK, SumoLogic, Sentinel) and vulnerability management tools (e.g., Nessus, Qualys, Tenable).
  • Deep understanding of continuous monitoring requirements for FedRAMP, including OSCAL, POA&M management, and automated security control validation.
  • Proven ability to troubleshoot and resolve complex technical issues in high-pressure environments across both threat detection and vulnerability management domains.
  • Hands-on experience with cloud platforms (AWS, Azure, or GCP) and their associated security practices, including cloud-native vulnerability scanning and CSPM tools.
  • Solid understanding of security compliance frameworks (e.g., FedRAMP, SOC, HIPAA, NIST 800-53).
  • Ability to mentor and guide team members while contributing to technical solutions.
  • Strong written and verbal communication skills, particularly in documenting technical insights and creating compliance artifacts.
  • Bachelor’s degree (four-year college or university) *or* an equivalent amount of work experience.

Benefits

  • paid parental leave
  • flexible time off
  • certification and training reimbursement
  • digital mental health and wellbeing support membership
  • comprehensive insurance options

More Security Operations Jobs

Incident Response Eng

American Technology Services

Innovative Solutions for Today's IT Challenges

Other · Remote · Team 501-1,000 · Since 1994 · H1B Sponsor

About American Technology Services LLC

American Technology Services (ATS) started in 1994 with the same mission as today, providing high-quality managed IT services, network support, and cybersecurity services to firms where quality matters most – the organizations that rely heavily on information technology and high levels of services. Over the years, ATS has built client trust that has lasted for years and years. As time goes forward, our consultative approach resonates well, and our “corporate knowledge” about our clients’ IT operations helps our clients perform at a higher level.

About the role

At ATS, you’ll join a dedicated team focused on Incident Detection & Response, working to protect the people, processes, and technology of our organization. We are seeking an experienced and adaptable Security Operations Engineer to join our Cybersecurity team. This role reports to the Cybersecurity Manager and will play a critical part in responding to cybersecurity incidents across the enterprise.

What you'll do

  • Serve as a primary responder to security incidents, including the monitoring, triaging, and investigation of security alerts in a timely manner.
  • Collaborate with cross‑functional teams to document, enhance, and coordinate Incident Response processes.
  • Maintain and organize Cybersecurity documentation, including the creation and upkeep of incident response playbooks.
  • Participate in and/or lead incident post‑mortems, distilling lessons learned into actionable recommendations and comprehensive written reports.
  • Analyze logs and EDR telemetry across a variety of systems, including medical devices, cloud applications, workstations, and data exchange platforms.
  • Conduct investigations across Windows, Linux, iOS, and cloud platforms using SIEM tools and manual log analysis.
  • Participate in a global on‑call rotation.
  • Identify opportunities for automation and for improving detection capabilities.
  • Perform proactive threat hunting to identify emerging tactics, techniques, and procedures (TTPs).
  • Assess and respond to new and evolving threats using threat intelligence to evaluate likelihood and organizational impact.
  • Assist in forensic acquisition, malware analysis, and network analysis.

Qualifications

  • Proven ability to translate abstract requirements into clear, actionable steps.
  • Excellent written and verbal communication skills, including the ability to convey technical concepts to non‑technical audiences.
  • Strong work ethic with exceptional attention to detail and organizational skills.
  • Ability to prioritize and multitask effectively in a fast‑paced environment.
  • Capable of working both independently and collaboratively within a team.
  • Conceptual understanding of software development methodologies.
  • Experience with application security, SaaS, or cloud security is a plus.
  • Experience with programming or scripting languages is a plus.
  • Familiarity with cloud environments (e.g., AWS, Azure) and automation frameworks.

Georgia

Security Operations Engineer

Alpaca

Developer APIs for stocks and crypto trading, investing apps, and embedded fintech.

Other · Remote · Team 201-500 · H1B No Sponsor

  • Own the relationship with our managed SOC, including alert quality, escalation workflows, SLAs, runbooks, and continuous improvement of detection coverage and response effectiveness. Assist with triage, investigations, and respond to security alerts across endpoints, identity, cloud, network, and application logs.
  • Operate and maintain our SIEM, including log onboarding, parsing, normalization, correlation rules, alert tuning, and lifecycle management to reduce noise and increase signal.
  • Ensure critical systems generate the right security telemetry, filling gaps across endpoints, identity providers, network devices, SaaS tools, and cloud platforms.
  • Continuously refine detection logic based on threat intelligence, SOC feedback, incident learnings, and emerging attack techniques.
  • Assist with security incidents, working with IT, Engineering, and external partners to contain, eradicate, and recover from incidents.
  • Develop, maintain, and continuously improve incident response playbooks, escalation paths, and communication procedures.
  • Track and report on key security operations metrics such as alert volumes, false positive rates, mean time to detect (MTTD), mean time to respond (MTTR), and SOC performance.
  • Act as the security liaison to the IT Helpdesk, ensuring security-related tickets are properly triaged, prioritized, and resolved without slowing down business operations.
  • Provide guidance and context to IT teams on security alerts, risks, and required actions, helping raise the overall security maturity of frontline support teams.

United States
Job Closed

Security Operations Specialist

Fluent, Inc

Simplify the way you find customers with Fluent. Enabling advertisers to identify, win, and build their customer base.

Other · Remote · Team 201-500 · H1B No Sponsor

  • Monitor, investigate, and respond to security incidents and alerts in real-time
  • Manage and optimize security tools including Crowdstrike and Wiz
  • Conduct threat hunting and proactive security analysis to identify potential vulnerabilities
  • Develop and maintain security incident response playbooks and documentation
  • Perform log analysis and correlation to identify security events and anomalies
  • Support SOC2 audit preparation and maintain ongoing compliance requirements
  • Assist with other security and compliance certification standards and frameworks
  • Implement and enforce security policies, procedures, and controls
  • Conduct security assessments and risk evaluations
  • Maintain evidence collection and documentation for audit purposes
  • Serve as a security resource and advisor to end users, providing guidance on security best practices
  • Partner with development teams to integrate security into the software development lifecycle
  • Communicate security incidents and risks to both technical and non-technical stakeholders
  • Provide security awareness training and guidance across the organization
  • Balance security requirements with business needs while maintaining a customer service-oriented approach

New York
$100K - $130K / year
Job Closed
Other · Remote · Team 201-500 · Since 2018 · H1B Sponsor

  • Own Tier 2 escalations across endpoints, identity & access, collaboration tools, and core services—balancing fast resolution with long-term quality.
  • Investigate root causes of recurring issues and design durable fixes that prevent repeat incidents (vs. one-off workarounds).
  • Develop secure configuration standards and baselines spanning endpoints, GenAI, orchestration, and SaaS/cloud infrastructure, and iterate on them to support scale and reliability.
  • Shape incident/problem/change practices by proposing safe changes with clear rollback plans and improving how the team learns from incidents.
  • Create operational documentation (knowledge base articles, runbooks, reusable patterns) that reduces escalations and uplevels the service desk.
  • Triage and investigate security alerts in EDR/SIEM/SOAR, escalate effectively, and coordinate containment to recovery using playbooks with clear timelines.
  • Build and improve automations + analytics (GenAI/ML workflows, scripts/APIs, dashboards) to streamline tasks like alert enrichment, ticket routing, lifecycle changes, remediation flows, and ongoing operational reporting.
  • Partner on vulnerability and patch management by prioritizing issues, tracking remediation to SLAs, and verifying closure in measurable ways.

Texas
$80K - $85K / year
Job Closed