Role Description Duties include identifying, defining, configuring, executing and maintaining automation scripts and tools in support of the brand’s information security initiatives. The ideal candidate will have experience with common scripting languages such as Python, PowerShell, Bash, etc. The ideal candidate will be familiar with Security Orchestration Automation and Response Tools such as MSFT Sentinel, Entra ID, Defender, etc. Experience writing information security playbooks is ideal. The candidate will play a major role in our cyber threat hunt automation efforts, including the vetting of new models and procedures to identify and react to anomalous network and/or endpoint behaviors. Regular collaboration with multiple teams such as Endpoint Security and Threat & Vulnerability Management as well as Security Operations peers will be critical to success. Responsibilities - Creates automation playbooks in coordination with organization peers to reduce the number of tedious/manual tasks (freeing up time for other information security tasks). - Administration, configuration, maintenance, and support of the MSFT Sentinel environment. - Creation, evaluation, updating, and maintenance of Information Security Incident Management Playbooks. - Participates in security incident response efforts by, among other things, having an in-depth knowledge of common security exploits, vulnerabilities and countermeasures. - Investigation of Cyber Security threats. - Identifies, creates, and maintains opportunities for threat intelligence automation. Qualifications - Experience automating security functions with a scripting language such as Python, Powershell, etc. - Experience with a Security Orchestration Automation and Response tool such as MSFT Sentinel, Entra ID, Defender, etc. - Hands-on experience with information security tools such as an enterprise SIEM solution, IDS/IPS, endpoint security solutions, email/web security gateways, and other security detection/mitigation devices. - Experience with host-based and/or network-based forensics tools and techniques. - A curious mindset with attention to detail. - Experience with multiple operating systems to include Windows, Mac OS, and Unix/Linux. - Demonstrate the ability to provide written and verbal communications to management to address real-time issues and incidents, including writing formal incident reports and assisting with intelligence reports. - Advanced problem-solving skills, ability to develop effective long-term solutions to complex problems. - At least one certification within the Information Security, Information Assurance or Cybersecurity field such as GIAC, OWASP, ISC2, or similar. - Threat Hunting Experience. - Regular Expression (regex) experience. Requirements - It is expected that you will primarily perform work remotely. You may be asked to travel, as needed, to the Wendy's Restaurant Support Center (RSC) (1 Dave Thomas Blvd, Dublin, OH 43017), or to other location(s) as designated by the Company. - Changes to work location arrangements are subject to managerial approval and business needs. Benefits - The target annual bonus for this role is 7.5% of annualized base salary, based on actual company and personal performance. - Our restaurant support roles are eligible for a wide array of benefits, including things such as parental leave, free EAP sessions, company 401k match and other great offerings. - For more details about our benefits, including an overview of eligibility and terms for certain benefits, please visit our benefits website, www.wendysbenefits.com.

• Conduct proactive threat hunting and refine detection logic for improved accuracy and context • Implement, configure, and optimize security tools, SIEM integrations, and data connections • Monitor and validate security telemetry to identify visibility gaps and improve detection coverage • Respond to escalated security incidents, performing analysis, containment, remediation, and root cause investigation • Collaborate with IT, cloud, and development teams to strengthen security controls and visibility • Create and maintain detailed incident documentation, timelines, and lessons learned • Continuously improve playbooks, automation, operational processes, and detection effectiveness • Contribute to process and capability development across the team • Assist with onboarding and troubleshooting data sources and connectors within Microsoft Sentinel

**About ProArch:** At ProArch, we partner with businesses around the world to turn big ideas into better outcomes through IT services that span cybersecurity, cloud, data, AI, and app development. We’re 400+ team members strong across 3 countries (we call ourselves ProArchians)—and here’s what connects us all: - A love for solving real business problems - A belief in doing what’s right **What’s it like to work here?** - You’ll keep growing. You’ll work alongside domain experts who love to share what they know. - You’ll be supported, heard, and trusted to make an impact. - You’ll take on projects that touch industries, communities, and lives. - You’ll have the time to focus on what matters most in your life outside of work. At ProArch, you’ll be part of teams that design and deliver technology solutions solving real business challenges for our clients. With services spanning AI, Data, Application Development, Cybersecurity, Cloud & Infrastructure, and Industry Solutions, your work may involve building intelligent applications, securing business‑critical systems, or supporting cloud migrations and infrastructure modernization. Every role here contributes to shaping outcomes for global clients and driving meaningful impact. You’ll collaborate with experts across data, AI, engineering, cloud, cybersecurity, and infrastructure—solving complex problems with creativity, precision, and purpose. You’ll join a culture rooted in technology, curiosity, and continuous learning. A place where we move fast, trust you to make an impact, encourage innovation, and support your growth. **About Position:** At ProArch, a leader in IT security consulting with presence in the US, UK, and India, we are looking for a skilled L3 SOC Analyst / Incident Response Analyst to join our Security Operations Center (SOC) team. In this critical role, you will be responsible for advanced incident detection, investigation, and response to complex cybersecurity threats. Leveraging your extensive experience and expertise, you will lead incident response activities, perform deep-dive analysis, and coordinate with cross-functional teams to mitigate risks and strengthen our security posture. If you thrive in a dynamic, fast-paced environment and are passionate about defending organizations against sophisticated cyber threats, this position is ideal for you.Role Summary ProArch are seeking a highly skilled and technically strong L3 SOC Analyst / Incident Response Analyst to operate within a Managed Security Services Provider (MSSP) environment, supporting multiple customer environments across diverse industries. **This role is heavily focused on:** - Incident Response - Threat Investigation - Detection Engineering - DFIR Operations - SOC Automation - Threat Hunting - Security Platform Engineering - Response Workflow Optimization The ideal candidate combines strong incident response expertise, deep Microsoft security platform knowledge, hands-on detection engineering capability, and SOC automation experience within a fast-paced MSSP environment. This is not a traditional alert-monitoring SOC Analyst role. The position requires strong investigative, analytical, and response-oriented cybersecurity capabilities. **Key Responsibilities** **1. Incident Response & Threat Investigation** • Lead and support advanced security incident investigations across multiple customer environments **Perform:** - Threat triage and validation - IOC analysis and threat correlation - Endpoint and identity investigations - Email security investigations - Cloud security incident analysis - Root cause analysis **Investigate and respond to:** - Account compromise incidents - Business Email Compromise (BEC) - Malware and ransomware activity - Privilege escalation - Lateral movement activity - Suspicious cloud and identity-based attacks - Advanced phishing and social engineering campaigns - Coordinate containment, remediation, and recovery activities with customer and internal teams - Support high-severity incident escalation handling and response coordination - Provide detailed investigation findings, timelines, impact assessments, and response recommendations - Conduct proactive threat hunting and threat validation activities where required - Support digital forensics and evidence collection activities when applicable **2. Detection Engineering & SIEM Operations** Design, develop, and maintain advanced detection rules across: - Microsoft Sentinel - Microsoft Defender XDR Develop and optimize: - KQL queries - Analytics rules - Correlation logic - Detection use cases **Perform:** - Detection tuning - False positive reduction - Behavioral baselining - Threat-based detection improvements - Build and maintain reusable detection content and query libraries - Support proactive detection engineering initiatives aligned with emerging threats and attacker techniques - Leverage threat intelligence and MITRE ATT&CK mapping to improve detection coverage **3. SOC Automation & SOAR Engineering** Design and implement SOC automation workflows using: - Microsoft Sentinel Playbooks - Logic Apps - SOAR platforms - API-driven integrations **Build workflows for:** - Alert enrichment - Incident routing - Automated containment actions - Threat intelligence enrichment - Ticket synchronization - Investigation acceleration - Develop scalable automation frameworks to improve SOC operational efficiency - Support continuous optimization of SOC workflows and automation coverage - Create automation standards and reusable workflow templates across customer environments **4. Microsoft Security Platform Operations** **Provide hands-on operational support, investigation, tuning, administration, and engineering for:** - Microsoft Defender for Endpoint (MDE) - Microsoft Defender XDR - Microsoft Defender for Identity (MDI) - Microsoft Defender for Office 365 (MDO) - Microsoft Defender for Cloud Apps (MDCA) - Microsoft Purview - Microsoft Identity Protection / Entra ID - Microsoft Sentinel **5. AI Security & Modern Threat Operations** Support detection and response activities related to: - AI-orchestrated attacks - Identity-based attacks - Cloud-native threats - Advanced phishing and social engineering campaigns - Leverage AI-assisted SOC operations and automation capabilities where applicable - Support modern detection strategies aligned with evolving attacker techniques - Evaluate opportunities to integrate AI-driven efficiencies into detection, investigation, and response workflows **6. Client & Operational Support** - Participate in customer incident discussions and escalation calls when required - Support onboarding of new customer environments and security integrations - **Maintain:** - Investigation playbooks - SOPs - Workflow documentation - Operational runbooks - Detection documentation **Collaborate closely with:** - SOC Operations - Security Engineering - Vendors - Consulting teams - Customer stakeholders - Support operational improvement initiatives across SOC and DFIR functions

• Helping to develop architectural requirements and corresponding engineering processes and technologies to support Collibra’s cloud-native platform • Design and tune cloud-native detection rules and threat models for AWS GuardDuty, Microsoft Defender for Cloud, and GCP Security Command Center • Conduct continuous vulnerability assessments of cloud workloads, container images, and serverless functions • Develop, continuously improve, and ensure compliance with controls built for the cloud-native platform • Partner with engineering teams to prioritize and drive remediation of cloud security findings • Plan, organize, and manage multiple responsibilities from various stakeholders and sometimes competing requests to achieve desired objectives • Maintain and update CloudFlare WAF rules to work with the Collibra product. • Evaluate and deploy cloud workload protection platforms (CWPP) and container security tooling • Assist with technical response efforts for cloud security incidents, perform forensic analysis, and contribute to root-cause investigation • Write production-quality code in Python, Golang/Go, or similar languages to build internal security tooling and automation • Integrate security tooling into developer workflows to reduce friction while improving security outcomes • After hours on-call support may occasionally be required