• Run daily, weekly, and periodic IT and security checklists, with a focus on Google SecOps/Chronicle monitoring • Perform health checks across GCP infrastructure, SaaS applications, and security tooling (alerts, compliance, CI/CD pipelines) • Troubleshoot security or infrastructure issues, document fixes, and raise follow-up actions • Collaborate with DevOps and InfraOps on platform-level and security-related issues • Identify and propose security and platform improvements as you gain business context • Implement automation, security tooling, and platform enhancements to strengthen cloud and SaaS environments • Contribute to scripts, dashboards, and operational improvements with a focus on security and compliance • Feed insights from day-to-day work into long-term IT security and operational strategy • Occasionally assist with IT support tasks across systems, hardware, and software • Prioritize tasks effectively and align timelines with stakeholders

• Monitor security alerts and events in a 24x7 SOC environment. • Perform initial triage and validation of alerts to determine severity and impact. • Conduct advanced alert investigation and analyze security events across identity, endpoint, and network telemetry. • Handle Tier I escalation workflows and support Tier II incident response activities. • Coordinate incident containment efforts and escalate complex incidents to Tier III as needed. • Monitor log ingestion pipelines and ensure data sources are functioning properly. • Document incidents, findings, and response actions in accordance with SOC procedures. • Contribute to daily reporting and provide accurate shift handoff documentation. • Identify trends, anomalies, and potential threats through continuous monitoring and analysis. • Collaborate with cross-functional teams to support incident resolution and improve detection capabilities.

• Lead and coordinate end-to-end incident response for high-severity security events within a 24/7 global on-call model, with this role operating during U.S. business hours. • Prepare clear executive communications that keep stakeholders informed during incidents • Investigate complex security incidents across cloud environments, applying strong Digital Forensics and Incident Response (DFIR) methodologies • Partnering with Signals Engineering to design and implement detection capabilities, including SIEM use cases, alerting strategies, and telemetry pipelines • Build and enhance automation and AI-assisted workflows to improve triage, investigation speed, and response consistency • Partner with Threat Intelligence to contextualize threats and improve detection coverage • Conduct root cause analysis (RCA) and lead post-incident reviews to drive continuous improvement and risk reduction • Develop and maintain runbooks, playbooks, and operational documentation • Collaborate cross-functionally (Engineering, Infrastructure, Legal, Product, Communications, etc) during incidents and lead proactive initiatives (e.g. tabletops) • Mentor other engineers and help elevate the team’s overall incident response maturity

• Receipt and categorisation of initial event, incident and requests from customers. • Provide initial triage and trigger escalation/assignment as appropriate. • Investigation of event alerts and liaising with the customer to confirm closure. • 24/7 rota in 8 hour shift pattern