Job Closed

This listing is no longer active.

Calendly

The scheduling automation platform for eliminating the back-and-forth emails to find the perfect time — and so much more

Security Operations Engineer

Security Operations | Other | Remote | Senior | Team 501-1,000 | Since 2013 | H1B No Sponsor

Location

United States

Posted

128 days ago

Salary

$155.8K - $219.9K / year

Seniority

Senior

Job Description

  • Collaborating with Security Operations Center (SOC) team members to monitor, detect, and respond to cybersecurity threats in a timely manner.
  • Responding to cybersecurity incidents from identification through resolution.
  • Developing and maintaining up-to-date knowledge of the threat landscape, as well as advancements in cybersecurity technologies and methodologies.
  • Identifying, configuring and onboarding security telemetry sources/logs in support of threat detection and incident response.
  • Collaborating with Engineering and SRE to identify and mitigate logging deficiencies.
  • Developing new detection scenarios and queries to broaden and deepen the team’s detection coverage.
  • Tuning and continuously improving existing detection queries to increase signal-to-noise ratio, and ensure our detections remain relevant and functional.
  • Executing and improving incident response protocols and procedures to swiftly and effectively manage security incidents.
  • Identifying, developing and maintaining automation solutions to increase the efficiency and effectiveness of the team.
  • Integrating various security and IT tools to enhance threat detection, incident response, and operational efficiency.
  • Conducting regular security assessments, threat hunts, and continuous monitoring to identify vulnerabilities, opportunities for posture enhancements and better incident preparedness.
  • Collaborating with Engineering, IT and other departments to support the implementation and evangelization of established cybersecurity best practices across the organization.
  • Leveraging JIRA for creating and managing dashboards, reports, and metrics that support cybersecurity operations and decision-making.

Job Requirements

  • A minimum of 3 years of experience in cybersecurity, with at least 2 years dedicated to security operations, a SOC environment and enterprise security.
  • Demonstrated experience in incident response, including developing and implementing incident response playbooks and procedures, acting as incident commander on low severity incidents, and conducting post-incident analysis.
  • Experience with JIRA or similar tools for creating dashboards, managing reports, and automating workflows to support cybersecurity operations.
  • Proven track record in threat detection.
  • Strong knowledge in operating and configuring SIEM tools (e.g., Splunk, ELK) for real-time threat monitoring and analysis.
  • Solid understanding of security technologies such as EDR (Endpoint Detection and Response), firewalls, and vulnerability scanners.
  • Demonstrated track record of automating SOC processes, enhancing threat detection, or streamlining incident response using Python.
  • Proficient knowledge of threat actor behaviors, techniques and tools.
  • Experience investigating security events on macOS, Linux and Windows systems.
  • Experience investigating security events in cloud environments including AWS and/or GCP.
  • Authorized to work lawfully in the United States of America as Calendly does not engage in immigration sponsorship at this time.

Benefits

  • Top Performer Bonus program
  • Equity awards
  • Competitive benefits

More Security Operations Jobs

Staff Security Engineer – SecOps, Threat

6sense

6sense Revenue AI™ reimagines the way revenue teams create, manage and convert pipeline into revenue.

Full Time | Remote | Team 1,001-5,000 | Since 2013 | H1B Sponsor

  • Execute on milestones for end-to-end SecOps & Threat initiatives in accordance with the Security roadmap.
  • Identify and respond to complex security incidents, including system compromise, intrusion attempts, and/or denial of service attacks by conducting continuous monitoring, vulnerability assessments, and log analysis.
  • Engage vendors, Infrastructure, IT, GRC, Cloud, and Application Security teams as required to validate alerts, ensure incident resolution, and perform root cause analysis.
  • Research emerging threats, publicly disclosed vulnerabilities or attack vectors, and proactively push mitigating controls to products and services.
  • Perform security forensics.
  • Build security tools and advanced automation that enable the 6sense Security Team to operate at speed and scale.
  • Propose, plan, lead, and execute threat exercises based on current security trends, advisories, publications, and academic research.
  • Mentor engineers across Information Security to drive security controls and risk remediation.
  • Communicate risks and mitigations across multiple audiences with varying levels of sensitivity.
  • Execute on quarterly individual Key Results that support team Objectives (OKRs).

Romania

Senior Technical Manager, Security Operations

Coalfire

Cyber solutions that move you forward, faster.

Other | Remote | Team 1,001-5,000 | Since 2001 | H1B Sponsor

  • Act as the primary technical escalation point for complex operational issues across SIEM and continuous monitoring programs, ensuring quick and effective resolutions.
  • Maintain and optimize critical security systems, including SIEM platforms (e.g., Splunk, ELK, SumoLogic, Sentinel), vulnerability management and scanning tools (e.g., Nessus, Qualys, Tenable), and Anti-Virus/EDR solutions (Trend Micro Deep Security Manager, Microsoft Defender, Crowdstrike).
  • Oversee continuous monitoring activities for FedRAMP and other compliance programs, including vulnerability scanning, configuration management, security control validation, and compliance artifact generation.
  • Monitor and improve the team's use of automation and monitoring tools to drive operational efficiency across both SIEM and vulnerability management workflows.
  • Analyze and resolve system performance issues, ensuring compliance with FedRAMP, SOC, HIPAA, and other security/operational standards.
  • Participate in incident response, threat hunting, and post-mortem analysis to identify root causes and prevent recurrence.
  • Manage a team of engineers across SIEM operations and continuous monitoring (vulnerability management) functions, fostering a high-performing and engaged team culture.
  • Mentor and support the professional growth of engineers through training, feedback, and career development planning.
  • Assist with hiring, onboarding, and retention to ensure team stability and growth.
  • Oversee day-to-day delivery of security services, ensuring operational consistency and high-quality outcomes for both SIEM and continuous monitoring programs.
  • Track and optimize key metrics such as incident response times, vulnerability remediation rates, false positive reduction, operational efficiency, and compliance posture.
  • Develop and refine processes for incident response, vulnerability remediation, continuous monitoring reporting, and compliance documentation.
  • Work with cross-functional teams, including consulting teams, SREs, and professional services teams, to improve service delivery and client satisfaction.

United States
$94K - $163K / year
Job Closed

Incident Response Eng

American Technology Services

Innovative Solutions for Today's IT Challenges

Other | Remote | Team 501-1,000 | Since 1994 | H1B Sponsor

About American Technology Services LLC

American Technology Services (ATS) started in 1994 with the same mission as today, providing high-quality managed IT services, network support, and cybersecurity services to firms where quality matters most – the organizations that rely heavily on information technology and high levels of services. Over the years, ATS has built client trust that has lasted for years and years. As time goes forward, our consultative approach resonates well, and our “corporate knowledge” about our clients’ IT operations helps our clients perform at a higher level.

About the role

At ATS, you’ll join a dedicated team focused on Incident Detection & Response, working to protect the people, processes, and technology of our organization. We are seeking an experienced and adaptable Security Operations Engineer to join our Cybersecurity team. This role reports to the Cybersecurity Manager and will play a critical part in responding to cybersecurity incidents across the enterprise.

What you'll do

  • Serve as a primary responder to security incidents, including the monitoring, triaging, and investigation of security alerts in a timely manner.
  • Collaborate with cross‑functional teams to document, enhance, and coordinate Incident Response processes.
  • Maintain and organize Cybersecurity documentation, including the creation and upkeep of incident response playbooks.
  • Participate in and/or lead incident post‑mortems, distilling lessons learned into actionable recommendations and comprehensive written reports.
  • Analyze logs and EDR telemetry across a variety of systems, including medical devices, cloud applications, workstations, and data exchange platforms.
  • Conduct investigations across Windows, Linux, iOS, and cloud platforms using SIEM tools and manual log analysis.
  • Participate in a global on‑call rotation.
  • Identify opportunities for automation and for improving detection capabilities.
  • Perform proactive threat hunting to identify emerging tactics, techniques, and procedures (TTPs).
  • Assess and respond to new and evolving threats using threat intelligence to evaluate likelihood and organizational impact.
  • Assist in forensic acquisition, malware analysis, and network analysis.

Qualifications

  • Proven ability to translate abstract requirements into clear, actionable steps.
  • Excellent written and verbal communication skills, including the ability to convey technical concepts to non‑technical audiences.
  • Strong work ethic with exceptional attention to detail and organizational skills.
  • Ability to prioritize and multitask effectively in a fast‑paced environment.
  • Capable of working both independently and collaboratively within a team.
  • Conceptual understanding of software development methodologies.
  • Experience with application security, SaaS, or cloud security is a plus.
  • Experience with programming or scripting languages is a plus.
  • Familiarity with cloud environments (e.g., AWS, Azure) and automation frameworks.

Georgia

Security Operations Engineer

Alpaca

Developer APIs for stocks and crypto trading, investing apps, and embedded fintech.

Other | Remote | Team 201-500 | H1B No Sponsor

  • Own the relationship with our managed SOC, including alert quality, escalation workflows, SLAs, runbooks, and continuous improvement of detection coverage and response effectiveness. Assist with triage, investigations, and respond to security alerts across endpoints, identity, cloud, network, and application logs.
  • Operate and maintain our SIEM, including log onboarding, parsing, normalization, correlation rules, alert tuning, and lifecycle management to reduce noise and increase signal.
  • Ensure critical systems generate the right security telemetry, filling gaps across endpoints, identity providers, network devices, SaaS tools, and cloud platforms.
  • Continuously refine detection logic based on threat intelligence, SOC feedback, incident learnings, and emerging attack techniques.
  • Assist with security incidents, working with IT, Engineering, and external partners to contain, eradicate, and recover from incidents.
  • Develop, maintain, and continuously improve incident response playbooks, escalation paths, and communication procedures.
  • Track and report on key security operations metrics such as alert volumes, false positive rates, mean time to detect (MTTD), mean time to respond (MTTR), and SOC performance.
  • Act as the security liaison to the IT Helpdesk, ensuring security-related tickets are properly triaged, prioritized, and resolved without slowing down business operations.
  • Provide guidance and context to IT teams on security alerts, risks, and required actions, helping raise the overall security maturity of frontline support teams.

United States
Job Closed