• Capture detailed notes and deliver precise, accurate reports to stakeholders during high-pressure scenarios • Collect evidence from cyber events and utilize data to build a complete chain of events from initial access through eradication and recovery phases • Advise and coordinate with Incident Commander by providing trusted expert advice to support the successful conclusion of a cyber incident • Receive and analyze signals from numerous sources to determine possible causes of alerts • Conduct, document and report postmortem lessons learned that contribute to the improvement of the team and the organization’s cyber program • Develop and communicate reports on Cyber Defense TTPs, guidance, and incident findings to various stakeholders • Advise and collect forensically sound artifacts for inspection to support cyber incidents • Engage with both technical and non-technical stakeholders in a professional manner both internally and externally to the business on sensitive cybersecurity issues • Develop training and exercises to promote both team and organizational development to improve delivery during incidents, through the creation and conduction of tabletops and workshops • Work as part of a global team • Be the Incident Response SME

Senior Director Analyst - Security Operations, Threat Detection, Response and Automation What makes Gartner Research a GREAT fit for you? - You are a team player who values expert insights, bold ideas and intellectual courage. - You are always learning and looking to discover what’s next in technology. - You believe that good technology needs to be balanced with good governance, planning and process. - You pursue personal excellence through team collaboration and consensus If this describes you, Gartner is looking for you! Gartner is an upbeat culture based on collaboration, teamwork, integrity and objectivity that values creativity and innovation. As a Gartner analyst, you’ll not only help clients solve complex challenges and deliver on key initiatives, you’ll grow your career and the scope of your impact across industries. We work hard — and we reward success with exceptional opportunity. About this role: This role creates thought leading security operations, monitoring and vulnerability management research to our Gartner for Technical Professionals clients through published research, conversations with client (Inquiry), stage presentations, teleconferences, and client meetings. It is important that you have a vision for how security operations, threat detection, response and automation will evolve worldwide and at a regional level. What you’ll do: As a Gartner analyst you will meet with clients every day: on the phone, in a video-conference, from the stage at a Gartner event or face-to-face during a sales support visit. In every client interaction analysts help clients solve difficult puzzles that lead to better performance. To support these conversations you will research technology, practices and trends and produce written research for Gartner clients to download and apply. - Conduct research and analysis in specific areas of expertise targeting client’s key initiatives. - Deliver high quality actionable advice through a variety of media. - Write high quality, clear, actionable, advisory research documents. - Remain ahead of the curve on developments and issues within these specified areas as well as applicable adjacent areas. - Articulate and defend assigned topic positions during discussions, while demonstrating openness to reconsidering viewpoints and accepting consensus decisions - Respond to client questions, create materials for and deliver to clients in person, via teleconference, video conference or webinar and event presentations - Maintain the Gartner’s industry leadership reputation by responding to press inquiries - Proactively work with the wider sales organization and deliver outstanding sales support to retain and grow the business What you’ll need: It helps to be obsessed with your topic! Gartner analysts are correctly viewed as THE experts. This means you need to know your markets, vendors, trends, management practices, etc. and be able to see the forest and the trees. Most Gartner analysts have many years of experience and enjoy solving puzzles. - Subject matter expertise in security operations, threat detection, incident response and automation technologies, with the ability to demonstrate understanding of the business requirements and opportunities in that market - Knowledge of security information and event management (SIEM) systems - Knowledge of threat detection sources that contribute and integrate into the SOC ecosystem and security platforms, like SIEM and security data lakes. - Knowledge of security operations in on-premises and cloud environments - Knowledge of incident response and/or threat hunting processes and relevant technologies - Knowledge of security operations center processes, metrics and reporting to both technical and executive audiences - Knowledge security automation solutions such as AI SOC agents and security automation features in platforms like SIEM - Ability to mentor security staff at all levels for their role and personal development. - Broad understanding of operational security internally and under a commercial framework. - Knowledge of the global landscape, and the competitive interplay between incumbents, emerging providers, disruptors and outsourcers - Demonstrated superior analytical skills, applying conceptual models, recognizing patterns while drawing and defending conclusions. Strong business and financial acumen as well as analytical skills are required for this position - Articulate and succinct communication skills. Publishing and Speaking engagements an advantage - Minimum of 12 years of experience in a security architect or security operations related role - Bachelor's or equivalent experience, Master's degree preferred - Ability to conduct occasional travel, regionally and globally - Experienced public speaking and executive presence with security and business leaders #LI-AJ3 Who are we? At Gartner, Inc. (NYSE:IT), we guide the leaders who shape the world. Our mission relies on expert analysis and bold ideas to deliver actionable, objective business and technology insights, helping enterprise leaders and their teams succeed with their mission-critical priorities. Since our founding in 1979, we’ve grown to 21,000 associates globally who support ~14,000 client enterprises in ~90 countries and territories. We do important, interesting and substantive work that matters. That’s why we hire associates with the intellectual curiosity, energy and drive to want to make a difference. The bar is unapologetically high. So is the impact you can have here. What makes Gartner a great place to work? Our vast, virtually untapped market potential offers limitless opportunities – opportunities that may not even exist right now – for you to grow professionally and flourish personally. How far you go is driven by your passion and performance. We hire remarkable people who collaborate and win as a team. Together, our singular, unifying goal is to deliver results for our clients. Our teams are inclusive and composed of individuals from different geographies, cultures, religions, ethnicities, races, genders, sexual orientations, abilities and generations. We invest in great leaders who bring out the best in you and the company, enabling us to multiply our impact and results. This is why, year after year, we are recognized worldwide as a great place to work. What do we offer? Gartner offers world-class benefits, highly competitive compensation and disproportionate rewards for top performers. In our hybrid work environment, we provide the flexibility and support for you to thrive — working virtually when it's productive to do so and getting together with colleagues in a vibrant community that is purposeful, engaging and inspiring. Ready to grow your career with Gartner? Join us. Gartner believes in fair and equitable pay. A reasonable estimate of the base salary range for this role is 172,000 USD - 202,500 USD. Please note that actual salaries may vary within the range, or be above or below the range, based on factors including, but not limited to, education, training, experience, professional achievement, business need, and location. In addition to base salary, employees will participate in either an annual bonus plan based on company and individual performance, or a role-based, uncapped sales incentive plan. Our talent acquisition team will provide the specific opportunity on our bonus or incentive programs to eligible candidates. We also offer market leading benefit programs including generous PTO, a 401k match up to $7,200 per year, the opportunity to purchase company stock at a discount, and more. The policy of Gartner is to provide equal employment opportunities to all applicants and employees without regard to race, color, creed, religion, sex, sexual orientation, gender identity, marital status, citizenship status, age, national origin, ancestry, disability, veteran status, or any other legally protected status and to seek to advance the principles of equal employment opportunity. Gartner is committed to being an Equal Opportunity Employer and offers opportunities to all job seekers, including job seekers with disabilities. If you are a qualified individual with a disability or a disabled veteran, you may request a reasonable accommodation if you are unable or limited in your ability to use or access the Company’s career webpage as a result of your disability. You may request reasonable accommodations by calling Human Resources at +1 (203) 964-0096 or by sending an email to ApplicantAccommodations@gartner.com. Job Requisition ID:108877 By submitting your information and application, you confirm that you have read and agree to the country or regional recruitment notice linked below applicable to your place of residence. Gartner Applicant Privacy Link: https://jobs.gartner.com/applicant-privacy-policy For efficient navigation through the application, please only use the back button within the application, not the back arrow within your browser.

• Analysis of security-related incidents (Incident Response) • Develop concepts for prevention and defense against attacks • Coordinate the Incident Response team during a security incident • Optimize use cases and rules to identify potential threats • Onboard new colleagues and lead Incident Response teams

• Own and continuously improve end-to-end Security Operations processes • Act as senior incident leader for high-severity incidents • Lead and participate in complex security investigations • Ensure high-quality post-incident reviews