• Act as the primary technical escalation point for complex operational issues, ensuring quick and effective resolutions. • Maintain and optimize critical systems, including SIEM platforms (e.g., Splunk, ELK, SumoLogic, Sentinel), Anti-Virus tools (Trend Micro Deep Security Manager, Microsoft Defender, Crowdstrike) and vulnerability management tools (e.g., Nessus, Qualys, Burp). • Monitor and improve the team’s use of automation and monitoring tools to drive operational efficiency. • Analyze and resolve system performance issues, ensuring compliance with security and operational standards. • Participate in incident response and post-mortem analysis to identify root causes and prevent recurrence. • Mentor and support the professional growth of engineers through training, feedback, and career development planning. • Assist with hiring, onboarding, and retention to ensure team stability and growth. • Oversee day-to-day delivery of security services, ensuring operational consistency and high-quality outcomes. • Track and optimize key metrics such as incident response times, operational efficiency, and compliance posture. • Develop and refine processes for incident response, vulnerability remediation, and compliance reporting. • Work with cross-functional teams, including consulting teams, SREs, and professional services teams, to improve service delivery.

• Lead and coordinate responses to security incidents, including ransomware, host compromise, credential and account compromise, phishing, insider threats, third-party risks, and data spillage while collaborating closely with information security leadership, business stakeholders, and the rest of the incident response team • Produce clear, accurate incident documentation and post‑incident analysis focused on root cause and measurable improvement • Participate in incident response tabletop exercises to identify gaps, enhance skills, and engage stakeholders; review technical reports from vulnerability and penetration testing assessments to identify potential exposure to future incidents • Improve Security Operations practices by contributing to the development, refinement, and maintenance of SOC procedures, playbooks, policies, and guidelines • Assess the effectiveness of security controls and technical risks across hosting environments, and communicate findings clearly to both technical and non-technical stakeholders • Own and act as a subject matter expert for one or more core security tools or platforms, ensuring data quality, reliable operation, and effective use.

• Monitor and analyze log data, network traffic, and/or alerts generated by a variety of security technologies in real-time. • Respond, triage, and escalate security incidents using a SIEM platform following documented procedures. • Support the execution of vulnerability scans and assist in analyzing results for remediation recommendations. • Draft security incident reports detailing the threat, its characteristics, and required remediation activities for review by a senior analyst. • Research new threats and ensure appropriate detection capabilities are in place. • Review security incidents and other deliverables for adherence to established procedures and provide documentation updates as necessary. • Contribute to the quality and timeliness of the security incident detection and classification service. • Ensure standards and procedures are adhered to within defined SLA’s. • Articulate security issues to customers, both verbally and written. • Referring difficult or complex issues to more experienced staff. • Developing an understanding of current vulnerabilities, attacks, and countermeasures. • Identify opportunities for process improvement and suggest them to stakeholders. • Manage and track customer issues and requests within a ticketing system. • Work within a 24x7x365 team to further support the timely delivery of monitoring services. • This position may be assigned to a rotating shift schedule. • Support other teams as needed.

• Monitor security alerts and events using SIEM and other monitoring tools. • Analyze and respond to security incidents, including malware infections, phishing attempts, and unauthorized access. • Triage and prioritize alerts based on severity and potential impact. • Conduct initial investigations and document findings in incident tracking systems. • Collaborate with internal teams to contain and remediate security threats. • Perform root cause analysis and recommend improvements to prevent recurrence. • Create and maintain standard operating procedures (SOPs) and incident response playbooks. • Assist in threat intelligence gathering and correlation with internal events. • Participate in security audits, vulnerability assessments, and compliance efforts. • Stay up-to-date with the latest cybersecurity trends, vulnerabilities, and threat actor tactics.