• Lead the team responsible for how Rula detects, investigates, responds to, and learns from security events. • Manage and coach a team of engineers while remaining close to technical work such as detection design, alert tuning, incident response, runbooks, operations, and security automation. • Manage the relationships with security operations vendors and work closely with Security, Engineering, IT, Compliance, Privacy, and external partners to improve Rula's ability to protect patient and provider data. • Build practical security operations in a high-trust environment where clear communication, sound judgment, and measurable outcomes matter more than titles or jargon.

• Act as liaison with our Managed Security Service Provider (MSSP), reviewing Tier 1/2 alert summaries, validating findings with organizational context, and facilitating escalations for hands-on resolution • Conduct real-time troubleshooting, log analysis, endpoint forensics, and containment actions on internal systems using tools like MS Defender, Wiz, and Tenable • Participate in incident response activities, ensuring timely communication with stakeholders and proper documentation of security events • Support our endpoint security solutions, including EDR solutions across the enterprise • Monitor endpoint compliance, investigate agent health issues, and coordinate remediation with IT teams • Perform regular health checks, updates, and optimization of security agents to ensure maximum coverage and performance across all organizational assets • Generate compliance reports, executive briefings, and threat intelligence summaries for leadership and cross-functional teams (IT, Legal, Governance, Program Security)

• Continuously monitoring the alert queue for multiple clients, from small business to large organizations using multiple tools, such as IDS, SIEM and SOAR. • Conducting initial triage and investigation of alerts to identify potential true positives, false positives, policy violations, and compromises. • Escalating problematic alerts for client review and validation via email or phone. • Performing basic threat hunting activities against customer networks. • Assist with writing customer facing reports: Threat report, Advisories or Vulnerabilities. • Interfacing with customers to remediate security issues. • Meeting timely Service Level Agreements (SLAs) for the full alert and case life cycle.

• Deliverable 1: Mock-up of COMS NR/NS environment on the NATO Software Factory • Deliverable 2: Identification and documentation of the COMS requirements • Deliverable 3: Creation of a video demonstrating the identified requirements in D2 • Deliverable 4: Demonstration of the COMS mock-up environment