• Act as a first responder to emerging threats • Work across the full detection and response stack, from identity and endpoints to network and cloud • Contribute to improving our detection and response capabilities by collaborating with internal teams and supporting service enhancements • Play a key role in investigations, applying expertise to analyse incidents and respond effectively

• Advance Apollo’s detection and response strategy in partnership with engineering and IT leadership • Implement and maintain adherence to SOC 2 and other cloud security frameworks • Handle escalations from Sales and Customer Success, including security questionnaires and customer audits • Build and tune monitoring, logging, and alerting systems to improve visibility while reducing noise • Drive automation of SecOps workflows to speed up investigation and response • Guide secure adoption of AI across Apollo - from internal use by engineers to AI-powered product features • Participate in our on-call rotation (we keep this lightweight and reasonable)

• Work at the cutting edge of technology innovation; challenge the status quo and transform banking every day. • Experience in a fast-paced environment, ambitious team; look forwards and continuously strive to be the best. • Be part of a team that values integrity; support each other and keep promises. • Work freely, flexibly and true to your authentic self; champion diversity. • Join a global and diverse family that works together through the good times and bad; care deeply about each other and clients.

Role Description We seek a highly skilled and hands-on Security Operations Technical Lead to join our dynamic team at Echelon Risk + Cyber, a leading cybersecurity consulting firm. The ideal candidate will be ready to roll up their sleeves and identify opportunities for our clients and for Echelon internally with unquestioned integrity. This team member will be passionate about cybersecurity and ready to use their knowledge to be an Entrepreneurial Problem Solver and work alongside their Echelon team members to build creative solutions. As the Security Operations Technical Lead, you will build and mature our SOC capabilities within our MSSP practice. The ideal candidate brings 7–10 years of MSSP experience (with at least 5 years on a SOC team) and a strong security engineering background across EDR/MDR, SIEM, Microsoft 365 security, and email security. In this role, you'll guide day-to-day SOC operations, detection engineering, and incident response, while remaining primarily hands-on. This is a remote position from anywhere in the USA. What You Will Do - SOC leadership & maturity (no hiring duties): - Establish and refine SOC processes (tiering, shift coverage, escalation paths, QA, SLAs/OLAs). - Drive runbook discipline, training plans, and continuous improvement for service quality. - Own SOC KPIs (MTTD/MTTR, detection efficacy, false-positive rate, case aging, CSAT/NPS). - Detection & response (hands-on): - Build and tune detections in SIEM/XDR; develop correlation rules, parsers, and dashboards. - Lead investigations and major incidents end-to-end; conduct post-incident reviews and reporting. - Perform proactive threat hunting aligned to MITRE ATT&CK and emerging TTPs. - Tooling & platform engineering: - Deploy, integrate, and operate EDR/MDR (CrowdStrike, SentinelOne, Blackpoint), Microsoft 365/Windows Defender, SIEM, SOAR, email security, vulnerability scanners, and NSM tools. - Engineer log onboarding/normalization across cloud (AWS, Azure, M365, GCP), network, endpoint, identity, and SaaS sources. - Build automation/orchestration playbooks to reduce MTTD/MTTR and analyst toil. - Service delivery & client engagement: - Serve as technical point of contact for customers; present posture reviews and improvement plans. - Define and meet service SLAs; contribute to SOWs, service catalogs, and onboarding playbooks. - Coordinate with customer IT/CISO teams, vendors, and legal/compliance during incidents. - Risk, compliance & continuous improvement: - Map detections, controls, and reporting to frameworks/standards (NIST CSF/800-53, CIS Controls, SOC 2, ISO 27001). - Drive vulnerability and exposure management with risk-based prioritization. - Run tabletop exercises, purple-team activities, and lessons learned. Qualifications - Deep knowledge of SOC operations (triage, incident lifecycle, evidence handling, documentation). - Strong grasp of Windows/*nix/AD/M365, identity security (SSO/MFA), network protocols, and cloud telemetry. - Expertise in detection engineering and query languages (SPL, KQL, Elastic DSL, AQL). - Familiarity with adversary emulation and frameworks (MITRE ATT&CK, D3FEND, CIS Controls). - Understanding of email security (phishing, BEC), vulnerability scanning/patching, and network security monitoring (IDS/IPS, PCAP). - Proficiency with SOAR concepts and playbook design (enrichment, containment, ticketing). - Scripting/automation (PowerShell, Python, or equivalent) for enrichment, triage, and response. - Clear written/verbal communication for executive briefings and technical reports. Requirements - Experience: 7–10 years in MSSP settings; 5+ years on a SOC team; 2–4+ years in a lead/technical lead capacity. - Platforms (hands-on in several): - EDR/XDR/MDR: CrowdStrike, SentinelOne, Blackpoint, Microsoft Defender for Endpoint, Cortex XDR, etc. - Microsoft ecosystem: Microsoft 365, Windows Defender / Defender for Endpoint, Defender for Office 365, Azure security telemetry (KQL, Log Analytics, Sentinel). - SIEM: Splunk, Microsoft Sentinel, Elastic, QRadar, Exabeam, or similar. - SOAR: Splunk SOAR, Cortex XSOAR, Sentinel automation. - Email security & awareness: Mimecast, KnowBe4, Material Security, M365 Defender for Office 365. - Vulnerability management: Tenable, Qualys, or Rapid7. - NSM/IDS: Zeek, Suricata, commercial IDS/IPS. - IR leadership: Proven track record leading medium/major incidents (ransomware, BEC, insider, cloud credential abuse). - Cloud: Experience securing and monitoring AWS/Azure/GCP and M365 (identity and endpoint telemetry). - Process: Built or matured playbooks, runbooks, use-case catalogs, and service reporting. - Demonstrated KPI/OKR management. Benefits - Access to medical, dental, and vision insurance through Cigna, with the majority of the employee cost covered by the employer. - Employer funding to HSA accounts and FSA access. - Access to a 401(k) through Vanguard with a guaranteed employer contribution. - Flexible vacation policy that allows you to manage your schedule and rest and recharge when you need to. - 11 holidays with flexibility based on what is important for you and those you love. - Family-friendly benefits, including weeks off for Maternity leave, weeks off for non-birthing parent leave, employer-paid short-term and long-term disability, employer-paid life insurance, and access to additional life insurance, hospital coverage, accidental coverage, discounted mental health support, and more. - Support for individual development through certifications, continued learning, conferences, and more.