Security Operations Center – SOC Engineer
Location
India
Posted
114 days ago
Salary
0
Seniority
Lead
Job Description
Security Operations Center – SOC Engineer
OpenFX
- Build and operationalize a fintech-grade SOC function
- Own incident response end-to-end
- Design and mature detection engineering
- Define security KPIs and KRIs
- Embed SOC into engineering and product workflows
- Reduce systemic financial risk
- Build and scale the SecOps team
- Operationalize compliance through execution
Job Requirements
- 8 to 12+ years in cybersecurity operations
- Proven experience building or maturing a SOC in a complex environment
- Deep experience in incident response and security investigations
- Hands-on experience with SIEM platforms and detection rule engineering
- Strong knowledge of cloud security (AWS/GCP/Azure), identity systems, and SaaS telemetry
- Experience defining KPIs, dashboards, and operational metrics
- Strong leadership and team management experience
- Ability to communicate risk clearly to executives and non-technical stakeholders.
Benefits
- Health insurance
- 401(k) matching
- Flexible work hours
- Paid time off
- Remote work options
More Security Operations Jobs
- Monitor and respond to clients through all supported email, messaging, and phone platforms
- Proactively monitor security dashboards to detect and respond to emerging threats in real time
- Identify alerts that require additional analysis and facilitate their escalation, internally or externally, for further investigation and resolution
- Meet minimum standards of initial triage and analysis before escalating
- Understand, identify, and research Indicators of Compromise (IOCs) to support threat detection and incident response efforts
- Review and analyze security logs and event data from various sources, such as firewalls, intrusion detection systems, and endpoint security tools, to identify potential security incidents
- Complete all assigned internal and external reports by their deadlines, or in a timely manner if one is not provided
- Receive and perform initial triage of security alerts, assess their severity, and determine appropriate actions for resolution
- Contribute to tuning of managed security tools by identifying trends and optimizing alert fidelity
- Stay informed about the latest cybersecurity threats, vulnerabilities, and attack techniques, and apply this knowledge to enhance the SOC's threat detection capabilities
- Perform threat hunts to ensure proactive, in-depth client security
- Monitor and maintain unassigned and assigned ticket queues, ensuring timely resolution and effective communication with stakeholders
- Maintain average ticket processing time checkpoints in accordance with SLAs: time to acknowledge, time to triage, and time to notify
- Complete all assigned training in agreed-upon time frames
- Oversee and continuously elevate our security posture
- Monitor and manage the lifecycle of our security audits, certifications, and internal controls
- Own our security whitepapers and related InfoSec collateral
- Proactively guide prospects through InfoSec, compliance, and security architecture conversations
- Partner closely with Legal and Compliance to ensure alignment on policies
- Manage and streamline InfoSec questionnaires
- Manage day-to-day security and compliance operations
- Work hand-in-hand with Solution Architects and DevOps to translate security requirements
SOC Engineer
Mercury Insurance
- Monitor security tools and systems: analyze logs, alerts, and data for suspicious activity.
- Investigate potential threats: determine if alerts are real incidents and identify vulnerabilities.
- Supervise all incident and security issues, including preliminary triage, troubleshooting, and remediation.
- Gather evidence: collect and analyze evidence to understand incident scope and impact.
- Contain the threat and remediate vulnerabilities: quickly contain the incident to minimize damage, and implement patching, configuration changes, or other measures to address the exploited vulnerabilities.
- Recover from the incident and report to management: assist in restoring affected systems and data to their normal state, and keep management informed about security incidents and response efforts.
- Documentation: document findings for future reference and improvement, including process roadmaps, change management validations, and user/system-impacted incident management and resolutions.
- Design, implement, and tune high-fidelity detections across cloud, endpoint, SaaS, identity, and application environments
- Build and optimize queries, alerts, and correlation logic within our SIEM and EDR platforms
- Participate in SOC on-call rotation and serve as escalation point for high-severity incidents
- Lead complex investigations across endpoint, cloud, SaaS, and identity environments
- Triage and validate high-impact alerts, ensuring consistent investigative rigor and documentation
- Conduct proactive threat hunting to identify gaps in detection coverage
- Drive continuous improvement of playbooks, runbooks, and case management standards
- Build custom security tooling to improve alert enrichment, investigation, and response
- Develop integrations between security tools and internal systems via APIs
- Automate repetitive investigative workflows and containment actions
- Improve signal quality and reduce false positives across the stack
- Contribute to guardrails and enforcement mechanisms across cloud and SaaS environments
- Serve as the technical escalation point for high-severity incidents
- Lead complex investigations and root cause analysis
- Improve and mature incident response playbooks and processes
- Conduct post-incident analysis and drive systemic improvements
- Raise the technical bar within the SOC through mentorship and code/detection review
- Establish standards for detection quality and investigation rigor
- Partner closely with AppSec, Infrastructure Security, IT, and Engineering
- Help shape the SOC and detection engineering roadmap