• Design and build SecOps tools, including SIEM, SOAR, vulnerability detection and management, EDR, logging pipelines, and user behavior analytics • Develop architecture patterns and solution designs for the security tool ecosystem • Evaluate and integrate new tools and platforms to improve detection, response, and automation capabilities • Build and maintain scalable data ingestion, correlation, and alerting workflows for advanced detection and response • Coordinate with operations engineers to jointly maintain SecOps workflows and ensure platform reliability • Develop automation scripts, playbooks, and workflows in SOAR tools to improve response efficiency and reduce analyst workload • Design and build an internal SecOps product to deliver detection and response capabilities for vulnerabilities, threats, and security incidents • Integrate with the internal observability product and broader corporate SOC functions • Provide technical leadership during incidents, including tool behavior, data quality, and technical issues • Develop, test, and operationalize detection capabilities based on evolving threats and platform telemetry • Create and maintain detection-as-code artifacts such as Sigma rules, YARA, KQL queries, and static analysis rules • Validate detection quality through adversary simulation, purple teaming, or continuous tuning

• Monitor, detect, and respond to security incidents across the organization; • Analyze and correlate security events, alerts, and logs; • Investigate security incidents and recommend remediation actions or workarounds; • Research and assess emerging cyber security threats and mitigation strategies; • Conduct vulnerability assessments and analyze vulnerability reports; • Validate potential findings and support remediation activities; • Contribute to the continuous improvement of SOC monitoring and response processes; • Collaborate with technical teams to implement security best practices; • Produce technical documentation and incident reports.

• Design and implement scalable security controls and platform-level guardrails across our multi-cloud estate: build it once, make it the default everywhere. • Drive a modern secure SDLC by embedding threat modelling, SAST/DAST/SCA, secrets management, and dependency hygiene directly into the developer workflow, not bolted on as an afterthought. • Prototype and deploy AI agents that review code, triage findings, and turn vulnerability noise into actionable signals, becoming the assistant every developer wishes they had. • Own the security of our IaC, CI/CD pipelines, and cloud platforms, making least privilege the default rather than a project. • Partner with engineering to deliver paved paths, libraries, and tooling that make the secure way the easy way. • Run technical security reviews for new applications and infrastructure changes, finding the issues that matter with the evidence to back it up.

• Own enterprise-wide security incident response —ensure the team can detect, triage, contain, eradicate, and recover from incidents across cloud, on-prem, SaaS, and endpoint environments with speed and precision. • Maintain and continuously improve the incident response plan, playbooks, escalation procedures, and communication templates, ensuring they are tested, current, and aligned to NIST CSF 2.0. • Serve as incident commander or executive sponsor for high-severity incidents; make real-time decisions on containment and remediation under pressure. • Coordinate threat response across US and India teams, ensuring consistent coverage, quality, and process regardless of geography. • Own the security and IT tooling portfolio across the company: endpoint management (MDM, EDR), identity infrastructure, SIEM/SOAR, network security, vulnerability scanning, email security, cloud security posture management, and related platforms. • Build and maintain operational metrics and dashboards that provide the CISO and leadership with clear visibility into incident trends, MTTD/MTTR, tool health, SLA performance, and infrastructure posture.