Job Closed
This listing is no longer active.
A consumer FinTech startup, Best Egg provides personalized financial solutions to people who have little to no savings. A division of Marlette Funding, a consumer financing technol
Director of Security Operations
Location
United States
Posted
66 days ago
Salary
$125K - $145K / year
Seniority
Lead
Job Description
Director of Security Operations
Best Egg
- Own end-to-end security operations including SOC, monitoring, and detection capabilities
- Oversee SIEM, EDR, and logging programs to ensure effective threat detection and response
- Manage internal and third-party security operations providers (e.g., MSSP)
- Continuously improve alert quality, detection coverage, and operational efficiency
- Act as technology incident commander for security events and incidents
- Lead operational response including triage, containment, eradication, and recovery
- Ensure incidents are managed in accordance with established procedures and SLAs
- Escalate critical and high-risk incidents to the CISO with clear analysis and recommendations
- Lead post-incident reviews and drive continuous improvement actions
- Own the operational lifecycle of vulnerability management including scanning, prioritization, and remediation tracking
- Ensure adherence to defined remediation timelines and SLAs
- Coordinate penetration testing activities and validation of remediation efforts
- Provide visibility into vulnerability risk and remediation progress
- Oversee logging and monitoring programs to ensure comprehensive visibility across the environment
- Drive development and tuning of detection use cases and alert logic
- Ensure effective integration of threat intelligence into detection and response processes
- Oversee operational response to phishing and email-based threats
- Ensure timely triage, analysis, and mitigation of reported phishing activity
- Partner with the Manager, Information Security on phishing trends and control improvements
- Ensure security controls are operating effectively across monitoring, incident response, vulnerability management, and access enforcement
- Identify control gaps, breakdowns, or inefficiencies and drive remediation
- Escalate systemic control issues and risks to the CISO and Technology Risk
- Develop and maintain operational metrics and KPIs (e.g., MTTR, vulnerability SLAs, alert volumes)
- Provide regular reporting on security operations performance and risk trends
- Identify opportunities to improve automation, tooling, and processes
- Lead and mentor security operations personnel
- Partner with Infrastructure, Engineering, DevSecOps, and Technology teams to implement and improve controls
- Support audits, regulatory assessments, and evidence requests related to security operations
Job Requirements
- Bachelor’s degree in Information Security, Computer Science, or related field (or equivalent experience)
- 7+ years of experience in cybersecurity, with a focus on security operations, incident response, or SOC leadership
- Experience managing security monitoring, SIEM, and incident response programs
- Strong understanding of vulnerability management and threat detection
- Experience operating in regulated environments (PCI, FFIEC, or similar)
- Strong leadership, communication, and decision-making skills
Benefits
- Pre-tax and post-tax retirement savings plans with a competitive company matching program
- Generous paid time-off plans including vacation, personal/sick time, paid short-term and long-term disability leaves, paid parental leave, and paid company holidays
- Multiple health care plans to choose from, including dental and vision options
- Flexible Spending Plans for Health Care, Dependent Care, and Health Reimbursement Accounts
- Company-paid benefits such as life insurance, wellness platforms, employee assistance programs, and Health Advocate programs
- Other great discounted benefits include identity theft protection, pet insurance, fitness center reimbursements, and many more!
More Security Operations Jobs
Security Operations Intern
Best Egg
A consumer FinTech startup, Best Egg provides personalized financial solutions to people who have little to no savings. A division of Marlette Funding, a consumer financing technol
- Developing and maintaining security operations metrics and dashboards to improve visibility into SOC performance and support data-driven decision making
- Analyzing security data to identify trends, gaps, and opportunities for improvement, and presenting findings to the team.
- Supporting vulnerability management efforts by analyzing and helping drive remediation of out-of-SLA vulnerabilities across Service Desk, Infrastructure, and Product teams, improving SLA adherence and reducing risk exposure.
- Collaborating with cross-functional teams to understand remediation challenges and help drive resolution of security findings.
- Contributing to the improvement of security processes, including reporting, ticket workflows, and escalation paths.
- Assisting in documenting and refining security runbooks and operational procedures.
Security Operations Architect
Veeam Software
Your Single Backup and Data Management Platform for Cloud, Virtual and Physical
- Perform reviews and approvals for Antivirus Exclusions, Browser Extensions, Email Whitelisting, Firewall Rules, Software Installations, and General Security Guidance.
- Complete out-of-band requests and Product Architecture (VDC) alignment/support within SLA targets.
- Attend Architecture Committee and AI Committee meetings; provide security input and document decisions.
- Ensure security controls are integrated into all reviewed projects and changes.
- Maintain and update existing security reference architectures under Senior Director guidance.
- Contribute to Technical Standards documentation and special projects (e.g., Polaris).
- Apply risk assessment frameworks to ticketed requests and suggest compensating controls.
- Support the vulnerability management exception process for assigned items.
- Work with CT Security Engineering, Cyber Operations, and business units to apply consistent security best practices.
- Escalate complex issues to the Senior Director and assist in policy enforcement.
- Stay current with security trends, tools, and threats relevant to daily review tasks.
- Recommend tactical improvements to streamline approval workflows.
We are looking for a hands-on Security Operations Engineer to own and evolve our security posture across infrastructure, endpoints, and internal systems. You will be the primary driver of day-to-day security operations — from managing protective tooling to responding to incidents and coordinating audits. This is a high-ownership role with direct impact on how the company detects, responds to, and prevents security threats.
Responsibilities:
- **Security Systems Management** Own the configuration, maintenance, and continuous improvement of security tooling across the organization — including DLP (Data Loss Prevention), MDM (Mobile Device Management), SIEM, and endpoint protection platforms. Ensure policies are enforced, coverage is complete, and tooling stays current with evolving threats and business needs.
- **Incident Management** Act as the first responder for security incidents: triage alerts, investigate root causes, coordinate containment and remediation, and produce clear post-mortem reports. Build and refine runbooks and playbooks to reduce response time and improve team readiness over time.
- **Infrastructure Security** Partner with DevOps and Engineering teams to embed security across cloud infrastructure, Kubernetes workloads, CI/CD pipelines, and network layers. Conduct regular reviews of IAM policies, secrets management, network segmentation, and access controls to identify and close gaps before they become incidents.
- **Audit & Penetration Testing** Coordinate internal and external security audits, manage relationships with pentest vendors, and track remediation of findings through to closure. Conduct ongoing vulnerability assessments and support compliance activities (SOC 2, ISO 27001, PCI DSS, or equivalent) by maintaining evidence and responding to auditor requests.
Senior SOC Analyst
Phoenix Software Limited
Utilising technology to enable UK organisations to innovate and transform. Outcome focused IT solutions and services.
- You’ll lead major security incidents from detection through remediation, coordinating containment, analysing attacker activity, and supporting clients through critical decision‑making.
- You’ll proactively hunt for threats using advanced KQL analytics, enhance SIEM/EDR detections, tune rules, and develop signatures aligned to MITRE ATT&CK.
- You’ll perform malware triage and behavioural analysis, using reverse‑engineering tools when needed to support investigations and strengthen detection coverage.
- You’ll produce clear, high‑quality investigation reports, timelines, and intelligence summaries that translate technical findings for a range of audiences.
- You’ll contribute to SOC playbooks, mentor junior analysts, support onboarding of new customers, and help evolve SOC processes and tooling.
- You’ll participate in the 24×7 on‑call rota to provide expert support during critical incidents.



