• Design, implement, and tune high-fidelity detections across cloud, endpoint, SaaS, identity, and application environments • Build and optimize queries, alerts, and correlation logic within our SIEM and EDR platforms • Participate in SOC on-call rotation and serve as escalation point for high-severity incidents • Lead complex investigations across endpoint, cloud, SaaS, and identity environments • Triage and validate high-impact alerts, ensuring consistent investigative rigor and documentation • Conduct proactive threat hunting to identify gaps in detection coverage • Drive continuous improvement of playbooks, runbooks, and case management standards • Build custom security tooling to improve alert enrichment, investigation, and response • Develop integrations between security tools and internal systems via APIs • Automate repetitive investigative workflows and containment actions • Improve signal quality and reduce false positives across the stack • Contribute to guardrails and enforcement mechanisms across cloud and SaaS environments • Serve as the technical escalation point for high-severity incidents • Lead complex investigations and root cause analysis • Improve and mature incident response playbooks and processes • Conduct post-incident analysis and drive systemic improvements • Raise the technical bar within the SOC through mentorship and code/detection review • Establish standards for detection quality and investigation rigor • Partner closely with AppSec, Infrastructure Security, IT, and Engineering • Help shape the SOC and detection engineering roadmap