• Participate in and lead incident response, triage, and investigations by performing systematic analysis of security events and indicators of compromise to identify malicious activity, potential threats, and vulnerabilities • Conduct post-incident analysis to identify root causes and recommend preventative measures • Create incident reports and documentation for stakeholders • Design, develop, and maintain high-fidelity security detections aligned to adversary behaviors (e.g., MITRE ATT&CK), while performing ongoing detection gap analysis and recommending new detections based on emerging threats and attack techniques • Tune and optimize security detections and alerts to improve signal quality, reduce false positives, and ensure actionable outcomes for the SOC • Document detection logic, data dependencies, assumptions, and response guidance to support long-term maintainability and SOC effectiveness • Provide technical guidance and mentorship to junior SOC analysts during investigations and detection development efforts • Lead purple team efforts to test adversary techniques, validate existing detections, identify gaps, and inform the development of new or improved security alerts • Proactively conduct threat hunting to identify malicious activity and assess the effectiveness of security controls • Leverage threat intelligence to inform detection development, threat hunting, and incident response activities • Lead SOC project efforts and coordinate with other cyber security groups to elevate the organization's security posture • Identify opportunities to improve security processes and technologies • Participate in on-call rotation to respond to critical security events • Participate in knowledge sharing and training initiatives • Able to multitask and prioritize