• Monitor security logs and alerts from various sources, including intrusion detection systems, Endpoint Detection and Response (EDR) systems, and security information and event management (SIEM) tools. • Investigate and analyze security incidents, identify root cause, and develop appropriate mitigation strategies. • Execute security response actions, including full remote remediation of endpoints. • Perform threat hunting and proactive analysis to identify potential security risks and vulnerabilities. • Collaborate with cross-functional teams, including product, engineering, and support, to resolve customer incidents or issues. • Mentor and provide guidance to junior security analysts, sharing knowledge and best practices. • Conduct health checks and architecture reviews, providing technical expertise and real-life experience in creating solutions, designs, and recommendations. • Be a strong voice for your customers across business to identify new detection models, identify new product features, build content for both internal and external customer knowledge bases, and ensure successful Vectra deployments. • Travel expected 0-5%

• Triage and investigate security alerts across endpoints, identity systems, cloud environments, and production workloads. • Support response efforts for a range of security investigations, including account compromise, endpoint activity, and suspicious behavior in cloud, CI/CD, or production systems. • Collect and analyze relevant data (e.g., logs, system activity) to help scope incidents, identify impacted systems, and track activity across environments. • Escalate higher-risk or unclear activity, and support senior team members in ongoing investigations. • Execute containment or remediation actions as directed, and document findings clearly throughout the investigation lifecycle. • Support vulnerability and posture management efforts by validating findings and helping track remediation activities.

• Triage and investigate security alerts across endpoints, identity systems, cloud environments, and production workloads. • Support response efforts for a range of security investigations, including account compromise, endpoint activity, and suspicious behavior in cloud, CI/CD, or production systems. • Collect and analyze relevant data (e.g., logs, system activity) to help scope incidents, identify impacted systems, and track activity across environments. • Escalate higher-risk or unclear activity, and support senior team members in ongoing investigations. • Execute containment or remediation actions as directed, and document findings clearly throughout the investigation lifecycle. • Support vulnerability and posture management efforts by validating findings and helping track remediation activities.

• Support 24/7 threat detection and incident response • Conduct continuous monitoring, detection, response, and prevention • Operate enterprise-wide detection and response capabilities leveraging SIEM, XRD, and Threat Intelligence platforms • Enhance threat detection rules through scripting and platform configuration • Enhance identity and access management platform’s security posture • Operate Data Loss Prevention (DLP) platform • Enhance endpoint, network, and cloud security posture • Conduct employee security awareness training