• Design and implement Microsoft 365 E5 solutions, focusing on both productivity and security workloads according to Microsoft and Coretek best practices. • Design and implement enterprise collaboration solutions across Microsoft Teams (chat, meetings, lifecycle management, governance), SharePoint Online (Permissions, Access control, governance), OneDrive for Business (storage, sharing, lifecycle management), and Exchange Online (mail flow, protection, hybrid scenarios). • Lead migration and modernization projects, including Exchange and file migrations to Microsoft 365 and tenant-to-tenant or hybrid transformations. • Establish governance for collaboration, external sharing, and data lifecycle management. • Drive improvements in user productivity, adoption, and collaboration effectiveness across client environments. • Design and implement Microsoft Intune (MDM/MAM) solutions including device enrollment, provisioning, application deployment, and mobile application management. • Configure device compliance policies, endpoint security controls, and Conditional Access integration with device state. • Lead modern endpoint transformation initiatives including Windows Autopilot, co-management, and cloud-first device management strategies. • Develop governance and standards for device management across enterprise clients. • Implement Microsoft 365 E5 security solutions, including Microsoft Defender (Endpoint, Identity, Office 365, Cloud Apps) and Microsoft Purview (DLP, retention, eDiscovery, compliance management). • Implement Zero Trust-aligned security controls and best practices across client environments. • Develop and enhance security monitoring, policies, and automation. • Assess client security infrastructure, identify vulnerabilities, and recommend Coretek services to address gaps. • Design and implement Microsoft Entra ID (Azure AD) solutions including Conditional Access, MFA, and identity lifecycle management. • Implement authentication strategies and hybrid identity configurations including directory synchronization (AADC) and related components. • Act as the technical lead on engagements, collaborating with architects and engineering teams on solution design and implementation. • Establish, document, and communicate standards and best practices across M365 workloads in accordance with Coretek methodologies. • Follow Coretek implementation plans and QC guides when working on projects, contributing feedback and continuous improvement to the process. • Self-manage projects by escalating risks and issues while working within project scope and budget. • Mentor junior consultants and contribute to practice development. • Provide training and knowledge transfer to client IT staff on Microsoft technologies and best practices. • Stay current on Microsoft 365 roadmap across productivity, endpoint management, and security domains. • Speak with clients to identify opportunities within their organization to address pain points where additional Coretek products and services can be leveraged.

Role Description The ServiceNow Security Organization (SSO) delivers world-class, innovative security solutions to reduce risk and protect the company and our customers. We enable our customers to migrate their most sensitive data and workloads to the cloud, accelerating our business so that we are the most trusted SaaS provider. We create an environment where our employees are proud to work and can make a positive impact. ServiceNow’s Security Incident Command (SIC) team is seeking an experienced senior security incident commander to join our fast-growing team. This role will support the orchestration of incident response strategy and communications during critical information security-related incidents. The SIC team maintains and executes the Major Security Incidents (MSI) lifecycle within ServiceNow, including Preparation, Response, and Recovery. MSIs are our most challenging and impactful security incidents which pose active or heightened risk to the company and/or our customers. - Orchestration of response and remediation of incident response for highest criticality security events. - Take ownership and lead response to critical incidents within the company. - Establish and mature documentation surrounding protocols and procedures governing the security incident command team. - Prepare and deliver communications, including executive summaries and incident briefings, to key stakeholders during and after incident response. - Conduct rapid response, mitigation, and investigations on the highest priority cases impacting ServiceNow and user data. - Partner with the team members across multiple regions to drive response and investigations globally. - Organization and facilitation of scenario-based exercises to test and improve incident management and response strategies. - Maintenance of existing playbooks and procedures, as well as developing new ones, to further standardize SIC and its partners' responses when verifying MSIs. - Contribute to the organization and completion of Post-Incident Reviews (PIRs) and Root Cause Analyses (RCAs) following major security incidents. - Identify new ways to simplify, integrate, automate and refine the major security incident process to better support internal and external stakeholders. Qualifications - Experience in leveraging or critically thinking about how to integrate AI into work processes, decision-making or problem-solving. - 12+ years of total cybersecurity professional experience or similar experience with education. - 5–8+ years of deep domain expertise in incident response and/or incident management. - Experience leading or supporting complex security incidents to resolution end-to-end. - Excellent verbal and written communication skills (English). - Comfort communicating complex topics in a clear and concise manner to different tiers of audiences (highly technical, less technical, executives, practitioners). - Problem-solving and decision-making skills. - Ability to quickly and accurately assess a situation, identify and prioritize risks, and make sound decisions. - Familiarity with cybersecurity principles and frameworks (e.g. MITRE ATT&CK). - Knowledge across multiple security domains is a plus. - Experience planning and/or orchestrating tabletop exercises is a plus. Requirements - West Palm Beach Florida (WPB) is available for relocation. Full relocation costs are provided by ServiceNow. - For positions in this location, we offer a base pay of $165,500 - $289,600, plus equity (when applicable), variable/incentive compensation and benefits. - Sales positions generally offer a competitive On Target Earnings (OTE) incentive compensation structure. - Compensation is based on the geographic location in which the role is located and is subject to change based on work location. Benefits - Health plans, including flexible spending accounts. - 401(k) Plan with company match. - Employee Stock Purchase Plan (ESPP). - Matching donations. - Flexible time away plan. - Family leave programs.

• Lead the cybersecurity operations and security engineering function across corporate, cloud, hybrid, and production environments. • Manage and develop security engineers and analysts responsible for monitoring, detection, response, infrastructure security, vulnerability management, and operational security controls. • Own monitoring, detection, and response capabilities, including SIEM, EDR/XDR, DLP, vulnerability management, firewall, WAF, email security, identity security, and cloud security tooling. • Serve as the operational control point during significant cybersecurity incidents, coordinating response across Security, IT, Engineering, Legal, Communications, GRC, and executive stakeholders. • Develop, maintain, and test incident response playbooks, escalation paths, tabletop exercises, on-call procedures, and post-incident review processes. • Lead post-incident reviews and ensure root-cause remediation, lessons learned, and control improvements are completed. • Evaluate, implement, and optimize security solutions across endpoint, identity, network, email, cloud, logging, detection, and response platforms. • Partner with IT and Engineering to strengthen cloud, hybrid, and corporate security controls, including identity, network segmentation, key management, secrets management, privileged access, endpoint hardening, and secure configuration management. • Support GovRAMP and PCI DSS control requirements related to logging, monitoring, vulnerability management, incident response, endpoint security, access control, encryption, cloud security, configuration management, and evidence collection. • Drive measurable risk reduction across infrastructure, endpoints, cloud environments, identity systems, and business-critical services. • Own operational vulnerability management processes for infrastructure, cloud, endpoint, and corporate systems. • Support business continuity, disaster recovery, and resilience planning from a cybersecurity perspective. • Manage cybersecurity operations budget inputs, including vendor evaluation, renewals, tool rationalization, and investment recommendations. • Develop operational security metrics and reporting for executive leadership, including incident trends, vulnerability risk, detection coverage, response performance, control health, and remediation progress. • Stay ahead of evolving threats, including cloud-native attacks, identity compromise, ransomware, AI-enabled threats, and emerging attacker techniques. • Participate in or manage the security on-call rotation.

• Write clean, structured scripts (primarily Python and Bash) to automate repetitive security operations, optimize incident response workflows, and eliminate manual overhead. • Build, test, and deploy custom detection rules to flag anomalous behavior, misconfigurations, and potential threats across our cloud infrastructures (AWS, GCP, or Azure). • Design, construct, and maintain security dashboards (using tools like ELK/Elasticsearch, Splunk, Datadog, or SIEM platforms) to give our team clear, real-time visibility into our risk posture.