• Own the Microsoft Security Stack • Manage and optimize Microsoft 365 Defender, Defender for Endpoint, Defender for Identity, Defender for Cloud Apps, and Defender for Office 365 • Administer and tune Microsoft Sentinel - build and maintain KQL detection rules, analytics rules, workbooks, and playbooks • Monitor the Microsoft Secure Score, prioritize improvement actions, and drive remediation across the tenant • Configure and maintain Conditional Access policies, Microsoft Entra ID (Azure AD) security settings, and Privileged Identity Management (PIM) • Monitor and respond to security alerts, incidents, and investigations across Defender XDR and Sentinel • Develop and maintain incident response playbooks, automation workflows (Logic Apps / SOAR), and escalation procedures • Perform threat hunting using KQL and identify gaps in detection coverage • Conduct vulnerability assessments and lead remediation efforts in coordination with IT and engineering teams • Evaluate and respond to identity-based threats, phishing campaigns, and anomalous behavior patterns • Serve as a technical resource for SOC 2 Type 2 audit preparation and execution • Design, implement, and document security controls that satisfy Trust Service Criteria (TSC) requirements across the company’s toolset • Maintain evidence collection for audit deliverables - access reviews, logging configurations, policy enforcement, and change management records • Identify control gaps and drive remediation efforts prior to and during audit windows • Partner with external auditors, providing technical walkthroughs and supporting evidence requests • Implement and enforce security controls across the company’s broader toolset - SaaS platforms, cloud infrastructure, and endpoint environment • Advise and support IT on secure configuration for onboarding, offboarding, and access provisioning workflows • Partner with engineering teams on secure development practices, secrets management, and cloud security posture • Produce clear, concise reporting on security posture, incident trends, and audit readiness for IT leadership • Stay current on the Microsoft security roadmap, threat landscape, and emerging attack techniques relevant to the company’s environment

• Work directly with client teams to drive discovery, design, configuration, validation, piloting, deployment and support of Microsoft cloud and on-premises security capabilities • Work across Cyclotron business units to provide a holistic approach in threat protection • Contribute to the development of new Threat Protection and SIEM services

• Lead and develop a team of engineers responsible for building and operating enterprise cyber services; • Establish clear goals, provide coaching and feedback, and support career growth. • Own service delivery and contribute to multi-quarter roadmap across the cyber infrastructure portfolio pillars. • Drive secure-by-design engineering practices, reference architectures, and standard patterns for onboarding new platforms. • Establish and maintain operational excellence: SLAs/SLOs, service health metrics, runbooks, incident response playbooks. • Partner with Security Operations and Threat teams on logging, telemetry, and SIEM integration to ensure detections are effective. • Collaborate cross-functionally with Architecture, Infrastructure, Cloud, and Application teams to plan and deliver integrations, migrations, and new capabilities. • Champion automation and Infrastructure-as-Code to improve consistency and speed of delivery across cyber infrastructure services.

• Develop NIST 800-53 Rev5 based System Security Plan (SSP) • Create/Update the applicable documents identified by NIST 800-53 Rev 5, specifically the Security Assessment Report (SAR) • Create/Update the associated Plan of Actions and Milestones (POA&M) • Provide detailed security-related reports including data, analyses, and conclusions upon completion of tests, scans, and assessments, including mitigations and, if indicated, appropriate escalation of identified risks and vulnerabilities • Verify and document the implementation of security controls necessary to achieve compliance • Keep management apprised of impending areas of concern, verbally and in writing • Review and develop System Security Plans (SSPs), Plans of Actions and Milestones (PO&Ms), and as well as other necessary artifacts • Facilitate the Plan of Actions and Milestones (POA&M) program to ensure customer systems have accurately and fully provided information for POA&M activities to include valid remediation of findings • Develop various policy documents (SOPs/CONOPs) as required • This may include policies regarding Configuration Management, IS Sanitization, Media Security, Password Policy, Business Continuity, Continuity of Operations, Incident Response, Disaster Recover, and Security Assessments • Develop new, and mature existing information security and risk policies • Initiate, and lead on-going information security maturity assessment processes and training, using industry accepted frameworks and implement into the overall cyber security posture • Produce and review key performance indicators for implemented security measures and distribute KPIs • Maintain knowledge of threat landscape by monitoring threat intelligence, and other related sources