• Information Security Operations Engineer is a member of the Gen Re Security team, who will leverage extensive experience in security operations to oversee and enhance proactive defenses and response capabilities. • The candidate shall work closely with Security and other IT practice leads to ensure that detection logic, incident response workflows, data quality, automation, and team collaboration are continuously improved and effectively managed. • The role entails strategic planning, research, testing, and implementation of new solutions, as well as the operation and maintenance of current solutions. • The candidate must be highly organized and analytical and is expected to partner and mentor effectively with other teams on an ongoing basis.

• Lead security incident investigations and ensure timely containment, root cause analysis, and cross-team collaboration. • Provide expert guidance on SIEM strategy, detection logic, and associated security technologies (EDR, email/web gateways, cloud controls). • Standardize and refine monitoring workflows to improve signal quality, reduce false positives, and expand visibility across the environment. • Leverage data from diverse sources (logs, telemetry, threat intel, case history) to identify patterns, emerging issues, and potential business impacts. • Develop, drive, and execute recommendations—technical or professional—that shape both short-term defensive actions and longer-term operational strategy. • Boost SOC effectiveness by implementing new tools, automation, AI-powered processes, and optimized playbooks supported by clear performance metrics. • Anticipate what’s next by actively monitoring emerging threats and regulatory changes that affect the company. • Mentor and elevate teammates by sharing expertise, modeling strong communication under pressure, and supporting a culture of learning within the SOC. • Collaborate closely with Technology teams, Legal/Privacy, Risk & Compliance, vendors, and third-party service providers. • Act as a subject matter expert for technology, policy, and regulatory topics in your area. • Maintain relevant professional certifications and stay current through conferences and ongoing professional development. • Advise peers and leadership on emerging risks, best practices, and operational implications.

• 24/7 monitoring and alert triage across SIEM/EDR/cloud security tooling; identify false positives vs. credible threats and set appropriate severity. • Initial investigation and enrichment: gather relevant logs/telemetry, add context, and document findings clearly in the case/ticketing system. • Escalation and coordination: escalate confirmed/suspected incidents quickly and cleanly to L2/IR with a complete handoff (timeline, scope, IOCs, actions taken). • Runbook execution: follow SOPs for common events (phishing, suspicious logins, endpoint detections, cloud key/token risk, malware alerts, data exfiltration signals), including containment actions you’re authorized to perform. • Threat-aware analysis: map alerts to adversary behaviors (e.g., MITRE ATT&CK techniques) to improve understanding and escalation quality. • Operational hygiene: maintain accurate shift handovers, update watchlists and investigation notes, and identify recurring alert patterns for tuning recommendations.

• Take escalations from L1 and independently investigate complex, multi-signal alerts (identity compromise, cloud control-plane abuse, endpoint persistence, lateral movement, suspicious automation, data exfiltration). • Perform deep log/telemetry analysis across SIEM, EDR, cloud logs, IAM signals, network telemetry, email security, and SaaS audit trails. • Build and validate hypotheses, pivot across data sources, and produce clear incident timelines and scope assessments. • Serve as technical incident lead for defined incident types/severities (or co-lead with IR), driving containment and eradication steps within authorized bounds. • Execute and improve response playbooks for key scenarios (phishing/BEC, credential theft, token/key compromise, suspicious API activity, ransomware indicators, insider risk signals).