• Own and drive the strategy, roadmap, and maturation of LastPass's Security Operations function - translating the threat landscape into a multi-year program plan that scales with the business • Lead all response operations across the full incident lifecycle, from detection and triage through containment, eradication, recovery, and post-incident review • Build, develop, and retain a high-performing team of analysts and engineers - setting clear performance expectations, career development pathways, and a culture of operational excellence • Partner with the CISO, Legal, and Communications to manage high-severity incidents, coordinating executive response and fulfilling regulatory notification obligations • Define and own detection and response program metrics, SLAs, and reporting frameworks - providing the CISO and board with clear, evidence-based visibility into program maturity and risk posture • Champion the integration of AI-assisted triage, automation pipelines, and Detection-as-Code methodologies to reduce analyst toil and drive down mean-time-to-respond • Establish and maintain strategic relationships with external partners - including threat intelligence vendors, law enforcement, and industry information-sharing groups — to strengthen LastPass's situational awareness • Collaborate across Business Technology, Cloud Security, and Platform Engineering to ensure cohesive detection coverage and coordinated response capability across the full technology estate

• Own and drive the strategy, roadmap, and maturation of LastPass's Security Operations function - translating the threat landscape into a multi-year program plan that scales with the business • Lead all response operations across the full incident lifecycle, from detection and triage through containment, eradication, recovery, and post-incident review • Build, develop, and retain a high-performing team of analysts and engineers - setting clear performance expectations, career development pathways, and a culture of operational excellence • Partner with the CISO, Legal, and Communications to manage high-severity incidents, coordinating executive response and fulfilling regulatory notification obligations • Define and own detection and response program metrics, SLAs, and reporting frameworks - providing the CISO and board with clear, evidence-based visibility into program maturity and risk posture • Champion the integration of AI-assisted triage, automation pipelines, and Detection-as-Code methodologies to reduce analyst toil and drive down mean-time-to-respond • Establish and maintain strategic relationships with external partners - including threat intelligence vendors, law enforcement, and industry information-sharing groups — to strengthen LastPass's situational awareness • Collaborate across Business Technology, Cloud Security, and Platform Engineering to ensure cohesive detection coverage and coordinated response capability across the full technology estate

• Assist in maintaining and enforcing PCI-DSS compliance across client environments • Help develop and document security templates, policies, SOPs, and audit artifacts • Support creation of standardized security forms, checklists, and processes • Coordinate with internal teams (L2/L3, Engineering) to ensure compliance alignment • Assist in preparing for audits and collecting required documentation/evidence • Monitor and track security-related tasks, requests, and remediation efforts • Contribute to continuous improvement of security protocols and procedures

• Review and respond to security alerts and tickets generated from the client’s monitoring and security platforms • Investigate and triage alerts related to endpoint security, email threats, suspicious authentication attempts, and network security events • Perform incident response activities including documentation, remediation actions, and escalation handling • Validate email and phishing-related incidents using Mimecast and other workflows • Monitor endpoint alerts and investigate identity/authentication alerts from Microsoft environments • Support security investigations involving firewall alerts and authentication platforms