Lead end-to-end execution of complex DevOps and infrastructure programs, including perform in-depth triage and analysis of escalated alerts to determine scope, impact and root cause
Lead response actions such as isolating hosts, revoking credentials or blocking network indicators
Examine endpoint, network and cloud logs to reconstruct attack timelines and adversary behaviors
Execute and enhance incident response playbooks, detection rules and escalation criteria
Maintain operational command during assigned shifts, ensuring situational awareness, incident logging and proper shift handovers
Conduct proactive threat hunting for suspicious activity and emerging indicators of compromise
Validate data integrity from security tools (SIEM, EDR, IDS, etc.) and assist with tuning or integrations
Partner with IT, DevSecOps and compliance teams to mitigate vulnerabilities and improve defenses
Produce high-quality incident reports, lessons learned and recommendations for leadership
Requirements
Bachelor's degree in Cybersecurity, Computer Science or related field, or equivalent practical experience
2-4 years in a SOC, incident response or cyber defense role
Experience with SIEM platforms (e.g., Splunk, Sumo Logic, Sentinel) and EDR technologies
Strong understanding of MITRE ATT&CK, threat actor TTPs and multi-source log correlation
Hands-on experience analyzing network traffic, endpoint behavior and cloud telemetry
Familiarity with scripting for automation and analysis (Python, PowerShell or Bash)
Strong written and verbal communication skills for incident reporting and coordination
Additional Instructions
Lead end-to-end execution of complex DevOps and infrastructure programs, including perform in-depth triage and analysis of escalated alerts to determine scope, impact and root cause
Lead response actions such as isolating hosts, revoking credentials or blocking network indicators
Examine endpoint, network and cloud logs to reconstruct attack timelines and adversary behaviors
Execute and enhance incident response playbooks, detection rules and escalation criteria
Maintain operational command during assigned shifts, ensuring situational awareness, incident logging and proper shift handovers
Conduct proactive threat hunting for suspicious activity and emerging indicators of compromise
Validate data integrity from security tools (SIEM, EDR, IDS, etc.) and assist with tuning or integrations
Partner with IT, DevSecOps and compliance teams to mitigate vulnerabilities and improve defenses
Produce high-quality incident reports, lessons learned and recommendations for leadership
Perks and Benefits
Medical, Dental & Vision (inclusive of domestic partnerships)
Employer Paid Life Insurance & Employee/Spouse/Child Supplemental life
Voluntary Short/Long Term Disability Insurance
401K (Roth/Traditional)
A generous PTO plan that celebrates your commitment and seniority (including paid Bereavement/Jury Duty, etc)
Above market annual bonuses
