Job Closed
This listing is no longer active.
Founded in 2011 and headquartered in Herndon, Virginia, GuidePoint Security furnishes commercial and federal organizations with customized information security
SecOps Engineer – North Central region
Location
United States
Posted
112 days ago
Salary
0
Seniority
Senior
Job Description
SecOps Engineer – North Central region
GuidePoint Security
• Ability to autonomously prioritize and successfully deliver across a portfolio of projects.
• Learn and keep up with current cyber threats, attack methodology, active campaigns, and detection techniques using a wide variety of capabilities and sources (GOTS, COTS, and open source).
• Understand and utilize cyber threat intelligence sources.
• Familiarity with key security events on common IT platforms.
• Experience authoring security runbooks, policy, and best-practice documentation.
• Preferred experience in the areas of SecOps, security analytics, SIEM/SOAR, etc.
• Proficiency in developing log ingestion and aggregation strategies.
• Expertise developing security-focused content for one or more SIEM platforms (Splunk, CrowdStrike NG-SIEM, Elastic Security or Palo Alto XSIAM), including creation of complex threat detection logic and operational dashboards.
• Understand and articulate complex technical information to both technical and non-technical audiences.
• Demonstrated experience in the identification and assessment of the relevance and effectiveness of signatures and indicators of compromise based on intelligence.
• Experience developing and providing regular and ad hoc briefs, documents, diagrams and other products.
Job Requirements
- Bachelor's degree, or relevant work experience and certifications (MITRE, SIEM, SOAR, CompTIA, SANS, etc.).
Benefits
- Remote workforce primarily (U.S. based only, some travel may be required for certain positions, working on-site may be required for Federal positions)
- Group Medical Insurance options: Zero Deductible PPO Plan (GuidePoint pays 90% of the premium for employees and 70% for family plans (spouse/children/family)) or High Deductible Health Plan with HSA (GuidePoint pays 100% of the employee's premium and 75% for family plans (spouse/children/family)). If you choose the High Deductible / HSA plan, GPS will contribute in 4 equal quarterly installments ($850 per employee annually / $1,750 per family annually, including spouse/children/family options).
- Group Dental Insurance: GuidePoint pays 100% of the premium for employees and 75% of family plans
- 12 corporate holidays and a Flexible Time Off (FTO) program
- Healthy mobile phone and home internet allowance
- Eligibility for retirement plan after 2 months at open enrollment
- Pet Benefit Option
More Security Operations Jobs
Cyber Security Operations Center (CSOC) Analyst – Tier 3
athenahealth. We provide network-enabled services, mobile apps, and data-driven insights to hospitals and medical organizations.
• Understand that as the Tier 3 (highest level) engineer, you're expected to handle potential incidents and act as the subject matter expert for all security-related tickets that come into the team's various queues (including triage, containment, and remediation when necessary).
• Receive incident escalations from Tier 1 and 2 analysts, assisting with real-time advanced analysis, response, and reporting.
• Mentor and assist in training Tier 1 and 2 analysts to aid in their skills development and analytical capabilities.
• Proactively hunt for threats and enact identification, containment, and eradication measures while supporting recovery efforts.
• Serve as a point person for coordination with appropriate parties during a security incident: client, management, legal, security, operations, etc.
• Create thorough reports and documentation of all incidents and procedures, presenting findings to team and leadership on a routine basis.
• Incident response: remote remediation when possible and working with onsite teams when necessary.
• Detailed documentation of events and remediation steps taken.
• Root cause analysis: initiation and follow-through to ensure quality forensic materials are captured, writing reports with details and timelines of events with recommendations to avoid future occurrences.
• Assist in the general maintenance and improvement of procedures, processes and playbooks.
• Conduct research regarding the latest methods, tools, and trends in digital forensics analysis.
• Conduct analysis using logs, previous alerts, etc. to identify trends and to identify and prevent potential incidents.
• Follow standard operating procedures (SOPs) to ensure tickets are triaged appropriately and in a timely manner, according to SLAs.
• Excel at documentation and detailed notetaking, including SOP writing, incident reporting, e-mail and instant messaging etiquette, and most importantly, documenting incident actions in tickets.
• This role is responsible for completing incident reports and forensic reports, when appropriate, so competent writing skills are necessary.
• Ability to know when to appropriately escalate a potential issue to peers and/or leadership.
• Desire to learn new concepts and technologies to grow and take on more responsibility over time.
• Ability to communicate risk, prioritize incident response actions, and keep a cool head under pressure.
• Advanced experience with security tools like Splunk, CrowdStrike EDR, Carbon Black EDR, Proofpoint tools, Microsoft Defender components, Cyberhaven DLP, Axiom Cyber and open-source forensic tools, Cylance Protect, Office 365 tools, PowerShell, and various network tools, etc.
• Understanding of the various stages of incident response, the importance and critical factors of an investigation, and how to contain as soon as possible.
• Experience with the incident response lifecycle, the Lockheed Martin Cyber Kill Chain, the MITRE framework, and the forensic workflows as outlined by NIST.
• Work with development teams to ensure they're using best practices and company processes in their daily activities.
• Drive self-organization; help determine how the team functions in collaboration with your peers.
• Build strong relationships with cross-functional team members between the three tiers of the CSOC.
• Participate in the off-hours on-call incident handler rotation, which is a requirement for this role, as incidents may be escalated outside of normal business hours by our 24/7/365 Tier 2 team. Tier 3 teammates rotate on-call responsibilities, which requires each teammate to be formally on-call roughly one week a month.
• Oversee all active executive protection deployments
• Coordinate agent scheduling and assignment logistics
• Develop operational plans for residential and travel protection
• Lead pre-mission briefings and post-mission reviews
• Ensure proper documentation for every assignment
• Recruit, vet, and onboard contractors
• Maintain a strong national roster of vetted agents
• Evaluate performance and enforce standards
• Ensure all deployments comply with state licensing requirements
• Maintain clean operational records
• Act as the operational point of contact once clients are onboarded
Security Operations Engineer II
SWK Technologies, Inc. Fulfill your vision of a smarter and easier way to run your business
Ready to take your cybersecurity career to the next level? We're looking for a Security Operations Engineer II who thrives on solving complex security challenges and protecting critical infrastructure from real-world threats. If you love threat hunting, incident response, and hardening systems to perfection, this role is for you.
What You'll Do
- Monitor, detect, analyze, and respond to security threats in real time.
- Lead incident response efforts, from containment to recovery.
- Hunt for threats, analyze logs, and fine-tune detection rules.
- Perform forensic investigations and reconstruct attack paths.
- Harden servers, workstations, and network infrastructure using CIS, STIGs, and best practices.
- Manage and optimize firewalls (Palo Alto, Fortinet, SonicWall), IDS/IPS, SIEM, and EDR tools.
- Drive vulnerability management and partner with teams to remediate risks.
- Create clear documentation, playbooks, and security reports.
What You Bring
- 5+ years Windows/Linux admin experience + 3+ years in security operations/IR/forensics.
- Deep knowledge of OS internals, firewalls, network security, and security frameworks.
- Hands-on experience with SIEM, EDR, IDS/IPS, and vulnerability scanners.
- Strong analytical, communication, and documentation skills.
- Ability to stay calm and effective during high-severity incidents.
- Passion for continuous learning and staying ahead of emerging threats.
- Experience with MSP/MSSP environments a plus; SonicWall experience preferred.
Additional certifications (preferred)
- Security+, PenTest+, (ISC)² Associate, SSCP
Other Details
- Rotational on-call and occasional off-hours support required.