• Own end-to-end security operations including SOC, monitoring, and detection capabilities • Oversee SIEM, EDR, and logging programs to ensure effective threat detection and response • Manage internal and third-party security operations providers (e.g., MSSP) • Continuously improve alert quality, detection coverage, and operational efficiency • Act as technology incident commander for security events and incidents • Lead operational response including triage, containment, eradication, and recovery • Ensure incidents are managed in accordance with established procedures and SLAs • Escalate critical and high-risk incidents to the CISO with clear analysis and recommendations • Lead post-incident reviews and drive continuous improvement actions • Own the operational lifecycle of vulnerability management including scanning, prioritization, and remediation tracking • Ensure adherence to defined remediation timelines and SLAs • Coordinate penetration testing activities and validation of remediation efforts • Provide visibility into vulnerability risk and remediation progress • Oversee logging and monitoring programs to ensure comprehensive visibility across the environment • Drive development and tuning of detection use cases and alert logic • Ensure effective integration of threat intelligence into detection and response processes • Oversee operational response to phishing and email-based threats • Ensure timely triage, analysis, and mitigation of reported phishing activity • Partner with the Manager, Information Security on phishing trends and control improvements • Ensure security controls are operating effectively across monitoring, incident response, vulnerability management, and access enforcement • Identify control gaps, breakdowns, or inefficiencies and drive remediation • Escalate systemic control issues and risks to the CISO and Technology Risk • Develop and maintain operational metrics and KPIs (e.g., MTTR, vulnerability SLAs, alert volumes) • Provide regular reporting on security operations performance and risk trends • Identify opportunities to improve automation, tooling, and processes • Lead and mentor security operations personnel • Partner with Infrastructure, Engineering, DevSecOps, and Technology teams to implement and improve controls • Support audits, regulatory assessments, and evidence requests related to security operations

• Developing and maintaining security operations metrics and dashboards to improve visibility into SOC performance and support data-driven decision making • Analyzing security data to identify trends, gaps, and opportunities for improvement, and presenting findings to the team. • Supporting vulnerability management efforts by analyzing and helping drive remediation of out-of-SLA vulnerabilities across Service Desk, Infrastructure, and Product teams, improving SLA adherence and reducing risk exposure. • Collaborating with cross-functional teams to understand remediation challenges and help drive resolution of security findings. • Contributing to the improvement of security processes, including reporting, ticket workflows, and escalation paths. • Assisting in documenting and refining security runbooks and operational procedures.

• Perform reviews and approvals for Antivirus Exclusions, Browser Extensions, Email Whitelisting, Firewall Rules, Software Installations, and General Security Guidance. • Complete out-of-band requests and Product Architecture (VDC) alignment/support within SLA targets. • Attend Architecture Committee and AI Committee meetings; provide security input and document decisions. • Ensure security controls are integrated into all reviewed projects and changes. • Maintain and update existing security reference architectures under Senior Director guidance. • Contribute to Technical Standards documentation and special projects (e.g., Polaris). • Apply risk assessment frameworks to ticketed requests and suggest compensating controls. • Support the vulnerability management exception process for assigned items. • Work with CT Security Engineering, Cyber Operations, and business units to apply consistent security best practices. • Escalate complex issues to the Senior Director and assist in policy enforcement. • Stay current with security trends, tools, and threats relevant to daily review tasks. • Recommend tactical improvements to streamline approval workflows.

We are looking for a hands-on Security Operations Engineer to own and evolve our security posture across infrastructure, endpoints, and internal systems. You will be the primary driver of day-to-day security operations — from managing protective tooling to responding to incidents and coordinating audits. This is a high-ownership role with direct impact on how the company detects, responds to, and prevents security threats. Responsibilities: - **Security Systems Management** Own the configuration, maintenance, and continuous improvement of security tooling across the organization — including DLP (Data Loss Prevention), MDM (Mobile Device Management), SIEM, and endpoint protection platforms. Ensure policies are enforced, coverage is complete, and tooling stays current with evolving threats and business needs. - **Incident Management** Act as the first responder for security incidents: triage alerts, investigate root causes, coordinate containment and remediation, and produce clear post-mortem reports. Build and refine runbooks and playbooks to reduce response time and improve team readiness over time. - **Infrastructure Security** Partner with DevOps and Engineering teams to embed security across cloud infrastructure, Kubernetes workloads, CI/CD pipelines, and network layers. Conduct regular reviews of IAM policies, secrets management, network segmentation, and access controls to identify and close gaps before they become incidents. - **Audit & Penetration Testing** Coordinate internal and external security audits, manage relationships with pentest vendors, and track remediation of findings through to closure. Conduct ongoing vulnerability assessments and support compliance activities (SOC 2, ISO 27001, PCI DSS, or equivalent) by maintaining evidence and responding to auditor requests.