Job Closed
This listing is no longer active.
Senior SecOps Engineer
Location: Ohio | Massachusetts | Michigan | Missouri
Posted: 128 days ago
Salary: 0
Seniority: Senior
Job Description
Senior SecOps Engineer
Optiv
- Serve as a primary responder for AFC customer systems, taking ownership of client configuration issues and tracking them through resolution.
- Act as a point of escalation for junior-level Engineers and provide guidance and mentoring.
- Advise on best practice for SIEM/MDR/SOAR products to both technical and relatively non-technical personnel.
- Provide remote consulting services via interactive client sessions to assist with implementation of multiple product vendors and technologies.
- Implement and configure SIEM/MDR/SOAR software and appliance-based products in large enterprise and Government environments.
- Develop and maintain security content and reporting.
- Perform knowledge transfers to clients regarding security and system configuration awareness.
Job Requirements
- 4-7 years professional experience maintaining SIEM or infrastructure systems in the Information Security field.
- Minimum 18 months of hands-on experience in Google Sec Ops.
- College degree or equivalent training with experience working in a Security Operations Center, Managed Security, or client network environment.
- Understanding of network architecture and implementation is a must; ideal candidate will have worked with network security analysis.
- Excellent time management, reporting, and communication skills.
- Superior IT problem-solving skills.
- Experience with SIEM content and reporting.
- Experience working with Linux OS.
- Experience writing/developing scripts (e.g. python, bash, ruby, powershell).
- Experience working with internal and client ticketing and knowledge base systems (e.g., Jira, Confluence) for incident and problem tracking as well as procedures.
- Experience with various SIEM security products such as: Exabeam, Chronicle, Sentinel, LogRhythm, QRadar, Splunk, and infrastructure components such as proxies, firewalls, IDS/IPS, DLP etc.
- General security knowledge (GIAC, CISSP, CCSE, CISA, HBSS, NSA, CEH, Cisco Security, Security+, or other security certifications).
- Knowledge of Linux and Windows Operating Systems.
- An understanding of a wide array of server grade applications such as: DBMS, Exchange, DNS, SMTP, IIS, Apache, SharePoint, Active Directory, Identity Management, Patch Management, LDAP, SQL, and others.
- Training and experience in one or more non-SIEM network security products, including enterprise endpoint security products and network components such as firewalls and proxies (Palo Alto, Check Point, Juniper, McAfee, Cisco, Blue Coat, Imperva, or other similar network security products).
- CCNA, CCDA, CCSA, CCIE, CISSP, CEH, or MCSE.
- Familiarity with DevOps.
- Professional experience working with networks and network architecture.
- Ability to participate in on-call support.
- Demonstrated experience and success in a Managed Service client environment.
- Ability to work greater than 40 hours per week as needed.
Benefits
- Work/life balance
- Professional training resources
- Creative problem-solving and the ability to tackle unique, complex projects
- Volunteer Opportunities.
- “Optiv Chips In” encourages employees to volunteer and engage with their teams and communities.
- The ability and technology necessary to productively work remotely/from home (where applicable)