Job Closed
This listing is no longer active.
Enterprise cybersecurity for small and medium businesses | Specialize in defense and federal | Ask us about CMMC/DFARS
SOC Analyst I
Location
United States
Posted
128 days ago
Salary
$50K - $60K / year
Seniority
Junior
Job Description
SOC Analyst I
Sentinel Blue
• Continuously monitor the Security Information and Event Management (SIEM) dashboard and leverage security tools to detect potential security incidents and anomalies in real time.
• Analyze incoming alerts to determine their relevance and urgency; effectively distinguish between false and true positives to prioritize response efforts.
• Conduct investigations by gathering context and other relevant logs to understand the scope of the alert.
• Strictly adhere to established Service Level Agreements (SLAs), Incident Response (IR) playbooks and Standard Operating Procedures (SOPs) to ensure consistent and compliant handling of security events.
• Create, update, and manage tickets in our case management system, ensuring all investigative steps, communications, and findings are thoroughly documented.
• Identify and escalate complex or high-severity incidents to Tier II or the Incident Response Team, providing clear details and a comprehensive summary of initial findings.
• Perform basic remediation actions, such as blocking indicators and isolating compromised hosts, when authorized by SOPs or directed by senior personnel.
• Demonstrate excellent verbal and written communication skills when communicating with team members, clients, and/or stakeholders.
• Contribute to the team’s knowledge base, creating or updating articles, SOPs, and/or playbooks when new trends or resolution methods are identified.
Job Requirements
- U.S. citizenship - by nature of our work with the defense industry, all employees must be eligible for a Secret clearance.
- Minimum of 0-2 years of experience in a Security Operations Center and/or a combination of experience in IT Support, Networking, or System Administration.
- CompTIA Security+ certification is required within the first 2 months of hire.
Benefits
- Fully paid individual healthcare, vision and dental insurance for the employee.
- Paid certification and training opportunities.
- Three weeks of paid vacation + 10 paid holidays.
- A supportive environment with a focus on keeping healthy work-life balance.
- Retirement benefit (401k) with company match.
More Security Operations Jobs
Security Operations Engineer
Calendly
The scheduling automation platform for eliminating the back-and-forth emails to find the perfect time — and so much more.
• Collaborating with Security Operations Center (SOC) team members to monitor, detect, and respond to cybersecurity threats in a timely manner.
• Responding to cybersecurity incidents from identification through resolution.
• Developing and maintaining up-to-date knowledge of the threat landscape, as well as advancements in cybersecurity technologies and methodologies.
• Identifying, configuring and onboarding security telemetry sources/logs in support of threat detection and incident response.
• Collaborating with Engineering and SRE to identify and mitigate logging deficiencies.
• Developing new detection scenarios and queries to broaden and deepen the team’s detection coverage.
• Tuning and continuously improving existing detection queries to increase signal-to-noise ratio, and ensure our detections remain relevant and functional.
• Executing and improving incident response protocols and procedures to swiftly and effectively manage security incidents.
• Identifying, developing and maintaining automation solutions to increase the efficiency and effectiveness of the team.
• Integrating various security and IT tools to enhance threat detection, incident response, and operational efficiency.
• Conducting regular security assessments, threat hunts, and continuous monitoring to identify vulnerabilities, opportunities for posture enhancements and better incident preparedness.
• Collaborating with Engineering, IT and other departments to support the implementation and evangelization of established cybersecurity best practices across the organization.
• Leveraging JIRA for creating and managing dashboards, reports, and metrics that support cybersecurity operations and decision-making.
Staff Security Engineer – SecOps, Threat
6sense
6sense Revenue AI™ reimagines the way revenue teams create, manage and convert pipeline into revenue.
• Execute on milestones for end-to-end SecOps & Threat initiatives in accordance with the Security roadmap.
• Identify and respond to complex security incidents, including system compromise, intrusion attempts, and/or denial of service attacks by conducting continuous monitoring, vulnerability assessments, and log analysis.
• Engage vendors, Infrastructure, IT, GRC, Cloud, and Application Security teams as required to validate alerts, ensure incident resolution, and perform root cause analysis.
• Research emerging threats, publicly disclosed vulnerabilities or attack vectors, and proactively push mitigating controls to products and services.
• Perform security forensics.
• Build security tools and advanced automation that enable the 6sense Security Team to operate at speed and scale.
• Propose, plan, lead, and execute threat exercises based on current security trends, advisories, publications, and academic research.
• Mentor engineers across Information Security to drive security controls and risk remediation.
• Communicate risks and mitigations across multiple audiences with varying levels of sensitivity.
• Execute on quarterly individual Key Results that support team Objectives (OKRs).
• Act as the primary technical escalation point for complex operational issues across SIEM and continuous monitoring programs, ensuring quick and effective resolutions.
• Maintain and optimize critical security systems, including SIEM platforms (e.g., Splunk, ELK, SumoLogic, Sentinel), vulnerability management and scanning tools (e.g., Nessus, Qualys, Tenable), and Anti-Virus/EDR solutions (Trend Micro Deep Security Manager, Microsoft Defender, CrowdStrike).
• Oversee continuous monitoring activities for FedRAMP and other compliance programs, including vulnerability scanning, configuration management, security control validation, and compliance artifact generation.
• Monitor and improve the team's use of automation and monitoring tools to drive operational efficiency across both SIEM and vulnerability management workflows.
• Analyze and resolve system performance issues, ensuring compliance with FedRAMP, SOC, HIPAA, and other security/operational standards.
• Participate in incident response, threat hunting, and post-mortem analysis to identify root causes and prevent recurrence.
• Manage a team of engineers across SIEM operations and continuous monitoring (vulnerability management) functions, fostering a high-performing and engaged team culture.
• Mentor and support the professional growth of engineers through training, feedback, and career development planning.
• Assist with hiring, onboarding, and retention to ensure team stability and growth.
• Oversee day-to-day delivery of security services, ensuring operational consistency and high-quality outcomes for both SIEM and continuous monitoring programs.
• Track and optimize key metrics such as incident response times, vulnerability remediation rates, false positive reduction, operational efficiency, and compliance posture.
• Develop and refine processes for incident response, vulnerability remediation, continuous monitoring reporting, and compliance documentation.
• Work with cross-functional teams, including consulting teams, SREs, and professional services teams, to improve service delivery and client satisfaction.
About American Technology Services LLC
American Technology Services (ATS) started in 1994 with the same mission as today: providing high-quality managed IT services, network support, and cybersecurity services to firms where quality matters most, the organizations that rely heavily on information technology and high levels of service. Over the years, ATS has built client trust that has lasted for years and years. As time goes forward, our consultative approach resonates well, and our “corporate knowledge” about our clients’ IT operations helps our clients perform at a higher level.
About the role
At ATS, you’ll join a dedicated team focused on Incident Detection & Response, working to protect the people, processes, and technology of our organization. We are seeking an experienced and adaptable Security Operations Engineer to join our Cybersecurity team. This role reports to the Cybersecurity Manager and will play a critical part in responding to cybersecurity incidents across the enterprise.
What you'll do
• Serve as a primary responder to security incidents, including the monitoring, triaging, and investigation of security alerts in a timely manner.
• Collaborate with cross-functional teams to document, enhance, and coordinate Incident Response processes.
• Maintain and organize Cybersecurity documentation, including the creation and upkeep of incident response playbooks.
• Participate in and/or lead incident post-mortems, distilling lessons learned into actionable recommendations and comprehensive written reports.
• Analyze logs and EDR telemetry across a variety of systems, including medical devices, cloud applications, workstations, and data exchange platforms.
• Conduct investigations across Windows, Linux, iOS, and cloud platforms using SIEM tools and manual log analysis.
• Participate in a global on-call rotation.
• Identify opportunities for automation and for improving detection capabilities.
• Perform proactive threat hunting to identify emerging tactics, techniques, and procedures (TTPs).
• Assess and respond to new and evolving threats using threat intelligence to evaluate likelihood and organizational impact.
• Assist in forensic acquisition, malware analysis, and network analysis.
Qualifications
• Proven ability to translate abstract requirements into clear, actionable steps.
• Excellent written and verbal communication skills, including the ability to convey technical concepts to non-technical audiences.
• Strong work ethic with exceptional attention to detail and organizational skills.
• Ability to prioritize and multitask effectively in a fast-paced environment.
• Capable of working both independently and collaboratively within a team.
• Conceptual understanding of software development methodologies.
• Experience with application security, SaaS, or cloud security is a plus.
• Experience with programming or scripting languages is a plus.
• Familiarity with cloud environments (e.g., AWS, Azure) and automation frameworks.