• Own detection engineering: SIEM use-cases, data pipelines, parsers, enrichment, and tuning to reduce false positives • Lead threat hunting and purple-team exercises; drive control improvements based on TTPs (ATT&CK) • Architect endpoint and email security baselines; optimize EDR/XDR policies and response automation • Implement and optimize Data Loss Prevention (DLP) technical controls and integrations in alignment with enterprise data protection requirements • Guide vulnerability management strategy (risk-based prioritization, exploitability analysis, compensating controls) • Design partner in network security architectures (micro-segmentation, firewall policies, NDR) and secure remote access (SASE/ZTNA) • Provide key insights for cloud workload protection (CSPM/CWPP/CIEM) and secure identity governance integrations • Perform root-cause analysis and forensics coordination, document findings and corrective actions • Mentor engineers; set coding and automation standards for security tooling and integrations • Drive technology selection, POCs, and reference implementations; maintain technical roadmaps • Track and improve detection quality metrics (e.g., false positives, coverage, MTTR) • Represent security in architecture boards and major program decisions • Develop and maintain security automation and response playbooks in partnership with SOC/MDR providers to improve detection and response efficiency • Familiarity with OT/ICS security considerations in manufacturing environments • Partner with SOC/MDR provider to continuously improve detection coverage and tuning

• Design, implement, and operate security controls primarily across Microsoft Azure environments • Lead design and implementation for cloud landing zones, identity, and network controls (VPC/VNet, security groups/NSGs, private endpoints) • Configure cloud-native security services (e.g., Microsoft Defender for Cloud, Microsoft Sentinel, Defender XDR) • Build posture management (CSPM) and workload protection (CWPP) with policy-as-code and automated remediation • Implement key management, encryption at rest/in transit, and certificate governance using KMS/Key Vault/Cloud KMS • Establish logging, telemetry, and alerting (Azure Monitor) integrated to SIEM/XDR • Work with key team members across IT and Security to test and validate total coverage / maturity of detection telemetry from cloud native sources • Determine architecture as needed to harden serverless containers, and managed services (Functions, Logic Apps, Container Apps, AKS, ACI) with baseline controls • Perform threat modeling and security reviews for cloud architectures and application designs • Partner with platform and product teams to deliver IaC guardrails, image baselines, and patch/vulnerability workflows • Respond to cloud incidents as a point of escalation; perform triage, containment, and post-incident improvements • Develop automation architecture where applicable to optimize cloud detection and response capabilities • Leverage automation and AI-assisted capabilities where appropriate to enhance cloud detection and response • Document standards and runbooks; conduct enablement sessions with dev and ops teams • Design partner in cloud security strategy and program maturity

• Design and maintain IAM security architecture: directory services, federation, SSO (SAML/OIDC), MFA, conditional access, device trust • Implement identity lifecycle automation (joiner/mover/leaver), birthright roles, and SCIM-based provisioning/deprovisioning • Define RBAC/ABAC models; perform access reviews, role mining, and segregation-of-duties analyses • Integrate identity governance platforms (where applicable) with HRIS/ERP and downstream applications • Engineer privileged access management (PAM) solutions (Examples: CyberArk/BeyondTrust) including JIT elevation and session recording • Secure service and machine identities, secrets, and certificates; enforce rotation and attestation • Develop identity security monitoring and anomaly detection (e.g., Identity Protection, risk-based access); integrate with SIEM/XDR for response • Support Zero Trust identity strategy, including strong authentication, device trust, and continuous access evaluation • Support compliance audits (where applicable) with access certification evidence and control narratives • Troubleshoot complex federation and authorization issues; provide tier-3 support and root-cause analysis • Document standards, patterns, and runbooks; advise application teams on secure integration

• Design intelligent cyber defense. • Automate response. • Engineer automation-first, AI-assisted security capabilities that transform detection signals into real-time, policy-driven response and control actions. • Help evolve security operations from “alert and investigate” to detect, decide, and act. • Design and implement SOAR workflows, detection logic, and automated response playbooks. • Integrate AI/ML-driven insights to improve signal fidelity, decisioning, and response outcomes across detection, response, and control planes. • Document automation patterns, standards, and engineering decisions.