• Security Operations Analyst is responsible for the day-to-day monitoring, analysis, and investigation of security threats across enterprise systems and networks. • The role triages and responds to security alerts and incidents, working both independently and in collaboration with senior analysts on known or suspected threats. • The analyst supports incident response, threat intelligence, and forensic analysis activities in alignment with established security best practices and control frameworks. • This includes identifying anomalies, escalating issues as appropriate, and contributing to the improvement of detection and response processes. • Security Operations Analysts may work shifts and participate in on-call rotations to support global operations and ensure continuous security monitoring coverage. • Develop and deliver security reports and metrics to support operational awareness and leadership decision-making. • Identify and support mitigation of information security risks, including evaluating projects and initiatives for alignment with security requirements, policies, and standards. • Support internal and external audits by collecting and analyzing evidence, assessing control effectiveness, and ensuring adherence to established security frameworks and policies. • Track and manage remediation activities, including corrective action plans and audit findings, ensuring timely resolution of identified security issues. • Identify, investigate, and respond to security incidents, including analyzing root cause and impact to contain threats and reduce organizational risk. • Maintain and support security tools, controls, and monitoring capabilities to ensure effective detection and response. • Develop, implement, and continuously improve threat-informed detections and automated response playbooks, including use case development, rule creation, tuning, validation, and optimization through incident feedback and testing. • Monitor systems and security telemetry for violations, vulnerabilities, and anomalous activity. • Analyze and apply threat intelligence to enhance detection, response, and situational awareness. • Identify and support onboarding and validation of security telemetry to ensure effective detection and visibility. • Collaborate with cross-functional teams to support incident response, remediation, and security improvements. • Assist in the evaluation and selection of security technologies and solutions to support detection, monitoring, and response capabilities.

• Building a mock-up environment on the NATO Software Factory to replicate the functionalities that exist in the operational version of COMS today. • Capturing the requirements and demonstrating to industry the functionalities of the current capabilities by demonstrating on the mock-up environment. • Identify and capture the functional and non-functional requirements of what COMS is able to deliver today into a NATO AQAP conforming format. • Create a recorded video introducing what COMS is today, and going through the different requirements captured in D2. • Present a live demo of the COMS mock-up environment as part of an industry engagement day organized by NCIA.

• Design, implement, test, and tune detections across endpoint, identity, cloud, SaaS, network, and application telemetry. • Build detection-as-code practices using version control, testing, peer review, documentation, and repeatable deployment methods. • Improve SIEM and security telemetry pipelines, including log ingestion, parsing, enrichment, correlation logic, alert routing, and case management workflows. • Design and operate practical deception capabilities such as canary tokens, decoy accounts, honey assets, and other high-signal tripwires. • Lead and support incident response investigations — perform severity triage, coordinate containment and remediation, and produce clear post-incident findings. • Work closely with IT, infrastructure, engineering, and game development teams to improve security visibility and response readiness across the environment. • Support selected GRC activities including audit evidence collection, technical control documentation, third-party risk input, and policy or SOP documentation (approximately 20% of time).

• Lead security operations across 9+ markets including Mali, Burkina Faso, Niger, and the Democratic Republic of Congo. • Manage and train security leaders and consultants in each country while responding to crisis scenarios. • Translate Wave's risk appetite into practical security frameworks that protect employees and enable rapid business growth. • Design security systems and processes across Wave while remaining hands-on during critical incidents. • Serve as Wave's primary crisis response leader for security incidents across all markets, providing 24/7 on-call support during emergencies. • Establish and maintain crisis response protocols, evacuation procedures, and emergency communication systems across operating countries. • Build and maintain business continuity plans.