Essential Functions:
Platform Engineering & Optimization
- Configure, maintain, and optimize assigned security platforms across endpoint, network, web, and identity domains
- Continuously refine policies, detection logic, and configurations to improve signal quality, reduce false positives, and enhance visibility
- Apply platform capabilities to develop and improve detection coverage (e.g., indicators of attack (IOA) and behavioral detections)
- Ensure platform health, telemetry integrity, and effective coverage across environments
- Evaluate and implement enhancements that improve effectiveness of existing tools before recommending new solutions
Alert Analysis & Investigation
- Analyze alerts and raw telemetry generated by security platforms and determine appropriate action based on context and risk
- Investigate suspicious activity using available data sources, including logs, network traffic, and endpoint behavior
- Apply independent judgment to distinguish between benign, anomalous, and malicious activity
- Perform triage and root cause analysis, escalating when broader coordination is required
- Contribute to incident response through multi-platform analysis and insight
Operational Support & Issue Resolution
- Troubleshoot and resolve issues related to security controls, including access disruptions, false positives, and policy conflicts
- Apply practical, risk-based decisions when adjusting controls to balance security and operational needs
- Collaborate with IT, engineering, and business teams to diagnose and resolve issues efficiently
Cross-Platform Contribution
- Develop working knowledge across multiple security domains to support team resiliency
- Serve as a secondary resource across platforms (endpoint, email, vulnerability, cloud)
- Collaborate with peers to ensure continuity of coverage and reduce single points of failure
Continuous Improvement
- Identify gaps in detection, visibility, and control effectiveness based on operational experience
- Improve detection quality, reduce noise, and enhance response effectiveness, lowering mean time to detect and mean time to respond (MTTD/MTTR)
- Contribute to development of playbooks and processes, while remaining effective in situations where such guidance is incomplete
- Implement automation or scripting where appropriate to improve efficiency
Collaboration & Communication
- Communicate findings, risks, and recommendations clearly to both technical and non-technical stakeholders
- Translate technical observations into business-relevant impact
- Demonstrate strong active listening and the ability to incorporate differing perspectives
- Maintain a collaborative, solutions-oriented approach while providing clear recommendations and direction
On-Call & Operational Support
- Participate in on-call rotation for after-hours response
- Respond to security incidents and production-impacting issues in a timely and structured manner
Education and Experience:
- Bachelor's degree in Computer Science, Computer Engineering, Information Technology or related field
- Minimum five (8) years of experience in information security, network security or infrastructure security