• Triage and investigate security alerts across endpoints, identity systems, cloud environments, and production workloads. • Support response efforts for a range of security investigations, including account compromise, endpoint activity, and suspicious behavior in cloud, CI/CD, or production systems. • Collect and analyze relevant data (e.g., logs, system activity) to help scope incidents, identify impacted systems, and track activity across environments. • Escalate higher-risk or unclear activity, and support senior team members in ongoing investigations. • Execute containment or remediation actions as directed, and document findings clearly throughout the investigation lifecycle. • Support vulnerability and posture management efforts by validating findings and helping track remediation activities.

• Triage and investigate security alerts across endpoints, identity systems, cloud environments, and production workloads. • Support response efforts for a range of security investigations, including account compromise, endpoint activity, and suspicious behavior in cloud, CI/CD, or production systems. • Collect and analyze relevant data (e.g., logs, system activity) to help scope incidents, identify impacted systems, and track activity across environments. • Escalate higher-risk or unclear activity, and support senior team members in ongoing investigations. • Execute containment or remediation actions as directed, and document findings clearly throughout the investigation lifecycle. • Support vulnerability and posture management efforts by validating findings and helping track remediation activities.

• Support 24/7 threat detection and incident response • Conduct continuous monitoring, detection, response, and prevention • Operate enterprise-wide detection and response capabilities leveraging SIEM, XRD, and Threat Intelligence platforms • Enhance threat detection rules through scripting and platform configuration • Enhance identity and access management platform’s security posture • Operate Data Loss Prevention (DLP) platform • Enhance endpoint, network, and cloud security posture • Conduct employee security awareness training

• Perform penetration testing of company owned application, networks, and systems • Perform web application and cloud discovery, enumeration, and exploitation • Assist in red team operations and adversary emulation exercises • Assess and communicate the operational risks of exploitation • Create testing plans and methods to find and confirm vulnerabilities • Scope and assess the time needed to complete operational testing tasks • Modify and adapt public exploit code and tools to meet operational requirements • Utilize and develop automation where possible to save time and gain efficiency • Serve as a subject matter expert to the organization for offensive security topics • Provide expertise to security operations, threat intelligence, and forensics, as needed • Work independently and troubleshoot technical and business process-related issues • Experience supporting a variety of different offensive engagements for a large enterprise • Ability to present complex topics, simply, to varying levels of the organization.