• Comply with currently mandated national and DoD-approved policies, directives, architectures, programs, standards, and guidelines. • Design, implement, and sustain security telemetry/logging architecture in GCP, ensuring high-fidelity signals are collected, normalized, and delivered to the VDSS/SIEM/SOAR stack. • Own logging coverage and quality for cloud and platform signals, including: Cloud Audit Logs (Admin Activity, Data Access, System Event) • IAM/service account activity and privileged actions • VPC Flow Logs, load balancer/WAF/proxy signals • GKE audit logs and Kubernetes control-plane events • Security-relevant application/service logs • Build detection engineering content: queries, correlation logic, alert rules, and dashboards aligned to cloud threat scenarios (IAM abuse, suspicious API usage, workload compromise, data access anomalies, lateral movement paths). • Develop automation and guardrails to reduce toil and accelerate investigations/response: API-driven enrichment and evidence capture (e.g., asset inventory, IAM bindings, network path/context, log exports) • Repeatable runbooks/workflows and integration into ticketing/notification pipelines • Partner with teams to implement and validate security controls that improve defensibility: Secure configuration baselines and drift detection • Identity and access telemetry improvements • Network segmentation signals and policy validation • Container/GKE security instrumentation and runtime visibility • Execute continuous control-health checks and instrumentation validation (telemetry completeness, parsing quality, alert fidelity, logging pipeline reliability). • Coordinate cleanly with the CSSP: provide engineered signals, detection content, and automation that improves downstream monitoring and response outcomes. • Produce clear technical deliverables (engineering notes, detection documentation, dashboards/coverage maps, stakeholder-ready updates) with minimal editing.

• Perform deep-dive research into adversaries and monitor the dark web to stay ahead of emerging threats. • Monitor OSINT (Open Source Intelligence) and create intelligence bulletins for the organization. • Proactively search for signs of malicious activity (adversary hunting) within the environment. • Work with technical teams to gather requirements and engineer rules based on evidence-based practices.

• Focus on investigating security incidents and performing root cause analysis using tools like Google SecOps and SentinelOne • Write security rules and improve automated detection capabilities to defend against sophisticated threats • Participate in the development of "Playbooks" for incident response and threat triage • Translate complex security events into clear, structured reports and procedures

• Assess information security risks in line with internal policy and external best practices. • Support security of information and IT assets by testing security systems and applying security standards, policies, and procedures. • Manage third-party providers to ensure adherence to standards. • Provide information security training to appropriate teams. • Lead incident triage and mitigation, providing expert-level analysis. • Coordinate with internal stakeholders, mentor junior analysts, and provide technical direction. • Communicate technical issues effectively with both technical and non-technical stakeholders. • Submit and manage incident tickets within existing ticketing systems. • Conduct live response activities on managed endpoints within the scope of permitted access. • Deliver technical training sessions to enhance organizational security awareness.