Defining what it means to build and deliver the most extraordinary sports & entertainment experiences. The Crown is Yours.
Security Analyst I
Location: Bulgaria
Posted: 19 days ago
Salary: 0
Seniority: Mid Level
Job Description
Security Analyst I
DraftKings Inc.
• Triage and investigate security alerts across endpoints, identity systems, cloud environments, and production workloads.
• Support response efforts for a range of security investigations, including account compromise, endpoint activity, and suspicious behavior in cloud, CI/CD, or production systems.
• Collect and analyze relevant data (e.g., logs, system activity) to help scope incidents, identify impacted systems, and track activity across environments.
• Escalate higher-risk or unclear activity, and support senior team members in ongoing investigations.
• Execute containment or remediation actions as directed, and document findings clearly throughout the investigation lifecycle.
• Support vulnerability and posture management efforts by validating findings and helping track remediation activities.
Job Requirements
- At least 2 years of experience in cybersecurity, IT, or a related field.
- Experience working in a security operations, monitoring, or incident response environment.
- Familiarity with alert triage and with working within structured processes.
- Basic understanding of identity and access concepts, endpoints and common attack patterns (e.g., phishing, credential misuse), and cloud or application environments.
- Strong analytical skills and attention to detail.
- Clear written and verbal communication skills.
- Ability to follow processes, collaborate with a team, and escalate when needed.
Benefits
- Health insurance
- Retirement plans
- Paid time off
- Flexible work arrangements
- Professional development