Job Closed

This listing is no longer active.

Apollo Information Systems

Intelligence-led, precision-fit cybersecurity.

SOC Analyst I

Security Operations · Full Time · Remote · Senior · Team 51-200 · Since 2002 · H1B: No Sponsor

Location

United States

Posted

4 days ago

Salary

$50K - $80K / year

Seniority

Senior

Bachelor Degree · English · Cloud · Firewalls · Python · Splunk

Job Description

SOC Analyst I

Apollo Information Systems

  • Monitor security events and alerts using SIEM tools and other security technologies.
  • Analyze and triage security alerts to determine severity and potential impact.
  • Perform initial incident response activities and escalate issues when necessary.
  • Document and track security incidents and their resolutions.
  • Assist in creating and maintaining security documentation and procedures.
  • Contribute to the development and improvement of security metrics and reporting.
  • Collaborate with other team members and departments to address security concerns.
  • Partner with SOC Analyst II to develop and refine SIEM correlation rules.
  • Stay informed about emerging threats and security trends.

Job Requirements

  • Basic understanding of networking concepts, protocols, and security principles.
  • Familiarity with common security tools and technologies (e.g., firewalls, IDS/IPS, SIEM).
  • Strong analytical and problem-solving skills.
  • Excellent written and verbal communication skills.
  • Ability to work in a fast-paced environment and handle multiple priorities.
  • Basic scripting or programming skills (e.g., Python, PowerShell).
  • Ability to work in shifts, including swings, nights, weekends, and holidays.
  • Experience with CrowdStrike, Sophos, and/or SentinelOne platforms (preferred).
  • Familiarity with one or more SIEM platforms (e.g., Stellar, Splunk, Exabeam, LogRhythm, Elastic) (preferred).
  • Experience with cloud security concepts and technologies (preferred).
  • Experience with threat intelligence platforms and processes (preferred).
  • Familiarity with the MITRE ATT&CK framework (preferred).
  • Familiarity with network infrastructure and security concepts (firewalls, VPNs, network segmentation, IDS/IPS) (preferred).
  • Experience with enterprise firewall platforms (e.g., Sophos, Fortinet, Cisco, Check Point) (preferred).

Benefits

  • Comprehensive medical, dental, and vision coverage, the company covers 100% of employee premiums and 90% of dependent premiums on base plans
  • Unlimited PTO, 7 paid sick days, and 11 paid holidays
  • 401(k) with 4% company match after 90 days, immediately vested
  • Company‑paid life insurance at 1x annual salary
  • Company‑paid Short‑Term Disability (STD) and Long‑Term Disability (LTD) coverage
  • $125 monthly home‑office tech stipend for internet, equipment, and other technology needs
  • Amazing colleagues, a collaborative environment, and a supportive, growth‑focused culture

More Security Operations Jobs


Staff Security Operations Engineer

Cribl

Cribl, the Data Engine for IT and Security, empowers organizations to transform their data strategy.

Full Time · Remote · Team 501-1,000 · Since 2017 · H1B: Sponsor

  • Strengthen security posture through robust security operations and advanced threat detection.
  • Lead security incident management, triage, and investigations.
  • Develop innovative solutions to remediate current threats and proactively prevent future attacks.
  • Design, implement, and optimize detection logic to identify sophisticated threats.
  • Partner closely with Product Security, IT, and Legal teams.
  • Report to the Sr. Director, Security Engineering and Operations under the CISO.

California
$128K - $200K / year

Cyber Operations Engineer, Senior

Conduent

At Conduent, we are one team, one mission. We understand that our success is directly related to the success of our associates. We strive to create a culture where you can: Bring your authentic self to work. Grow and thrive, both personally and professionally. Make a difference with our clients, in our communities, and with the millions of people we support. When you join Conduent, you are engaged in creating the future - both our company’s and your own. With more than 60,000 associates across 24 countries, we will provide you the opportunity to grow with a team of people who will challenge and inspire you to be the best!

Full Time · Remote · Team 10,001+ · Since 2017 · H1B: Sponsor

  • Manage multi-step breach and investigative analysis of advanced threats.
  • Serve as an escalation resource and mentor for other analysts.
  • Work directly with cyber threat intelligence to convert intelligence into useful detection.
  • Work with security partners developing and refining monitoring use cases.
  • Work on complex tasks assigned by leadership, which may involve coordination of effort among Level 1/2/3 analysts.
  • Coordinate evidence/data gathering and documentation, and review Security Incident reports.
  • Identify incident root cause and take proactive mitigation.
  • Define required security controls and processes, and enforce them through the execution of policy documentation, standards, education and awareness, and risk assessments.
  • Monitor external regulatory requirements and support compliance and certification activities.
  • Enforce a defense-in-depth methodology in support of the overall enterprise cyber security risk posture.
  • Create and develop CSIRT processes and procedures, working with Level 2 and Level 1 Analysts.

Utah
$91.4K - $118.8K / year

Security Operations Engineer

Unit4

The Next-Generation in Smart Enterprise Resource Planning.

Full Time · Remote · Team 1,001-5,000 · Since 1980 · H1B: No Sponsor

Role Description

Unit4 Global Cloud Operations Team is seeking a skilled Security Operations Engineer to join our international team. As part of this dynamic team, you will play a key role in maintaining the security and integrity of our cloud infrastructure and environments. You will monitor security systems, analyze threats, and manage security incidents from detection through resolution, ensuring a robust defense against emerging threats.

Key Responsibilities:

  • Continuous Monitoring: Continuously monitor cloud environments for potential security threats.
  • Threat Analysis: Analyze security alerts and logs to identify suspicious activities.
  • Incident Response: Lead response efforts during security incidents, including containment, eradication, and recovery.
  • Investigation: Investigate security breaches and identify root causes.
  • Post-Incident Review: Conduct post-incident analysis to suggest improvements.
  • Documentation: Document security incidents and maintain detailed records.
  • Customer Incident Handling: Act on security incidents reported by customers or identified proactively.
  • Policy Adherence: Follow established security policies and procedures.
  • System Maintenance: Monitor and maintain security systems such as firewalls, intrusion detection and prevention systems, and SIEM systems.
  • Preventative Measures: Implement security measures to prevent future incidents.
  • Staying Current: Stay up-to-date with the latest security trends and technologies.

Qualifications

  • 3+ years of relevant experience in security monitoring, analysis, and incident response.
  • Knowledge and experience in hardening OS and other environments/systems.
  • Knowledge and experience with security-related group policies and their implementation.
  • Knowledge of forensic analysis and incident management tools.
  • Familiarity with SIEM tools and security incident management.
  • Strong analytical and problem-solving skills.
  • Excellent communication skills, both written and verbal.
  • Ability to work under pressure and manage multiple incidents simultaneously.
  • Understanding of security policies and procedures.
  • Experience with firewalls, intrusion detection/prevention systems, and SIEM systems.

Requirements

  • Familiarity with Microsoft Azure and Microsoft certifications.
  • Experience with AWS.
  • Experience with scripting languages (e.g. PowerShell) for automation.
  • Knowledge of networking and PKI infrastructure.
  • Basic Linux skills.

Benefits

  • A culture built on trust and accountability, giving you the freedom and autonomy to be successful and make an impact.
  • Balance, with our Flexible Leave Paid Time Off policy, remote working opportunities, Global Wellbeing Days, and other great benefits.
  • Growth opportunities: we provide the tools and guidance required so that you can focus on what really matters to you and ultimately achieve your best work.
  • Talented colleagues, role models and mentors: work, learn and be inspired by some of the best talent in the software industry.
  • A commitment to sustainability, with initiatives such as our Environmental, Social, and Governance strategy and Act4Good programme.
  • A safe and inclusive working environment, supported by our Employee Resource Groups, which are open to all.

Poland

Security Operations Next-Gen SIEM Analyst

InstantServe LLC

Changing People, Processes & Perceptions.

Full Time · Remote · Team 51-200 · H1B: No Sponsor

Role Description

This project will optimize the agency's CrowdStrike SIEM and related CrowdStrike services to improve threat detection, monitoring, and response capabilities. The contractor will expand and tune telemetry, integrate additional high-value log sources, enhance security dashboards, and support the rollout of additional CrowdStrike services. The effort will increase visibility into endpoint and security risk, improve signal quality and correlation, and provide security leadership with clear insight into security operations effectiveness and overall risk posture.

Expected Outcomes

  • Expanded and optimized CrowdStrike SIEM telemetry coverage
  • Integration of additional high-value log sources
  • Improved dashboards for operational and executive visibility
  • Enhanced detection fidelity and monitoring effectiveness
  • Clearer insight for leadership into endpoint risk and security operations performance

Duties to Be Performed

  • Assess current CrowdStrike SIEM configuration, telemetry coverage, and log ingestion
  • Enable and tune additional CrowdStrike telemetry to improve visibility and signal quality
  • Identify and integrate new high-value log sources into CrowdStrike SIEM
  • Develop and refine security dashboards aligned to SOC and executive use cases
  • Assist with technical enablement and rollout of additional CrowdStrike services
  • Validate data quality, parsing, and correlation within the SIEM
  • Coordinate with Security Operations, IT Operations, and system owners
  • Identify gaps, risks, and improvement opportunities in monitoring and detection
  • Provide weekly status updates and monthly executive-level progress summaries
  • Deliver supporting documentation and recommendations to sustain improvements

Deliverables

  • Summary of work performed and capabilities delivered
  • Documentation supporting all telemetry enablement, log integrations, and dashboard implementations
  • Measurable improvements in monitoring, detection, or visibility
  • Recommendations for future enhancements or next-phase efforts

Qualifications

  • Demonstrated skill with documentation, reporting, and knowledge transfer
  • Experience with stakeholder engagement and executive communication
  • Experience in SIEM detection engineering and alert optimization
  • Experience in log source integration and data normalization
  • Hands-on experience with CrowdStrike SIEM and dashboard development
  • Hands-on experience with SIEM and dashboard development

United States