- Serve as the primary escalation point for complex security incidents, providing advanced technical analysis and resolution support.
- Act as the technical lead for high-severity security incidents, coordinating investigation, containment, and recovery efforts.
- Perform advanced threat analysis using SIEM, EDR, identity protection, and network telemetry platforms.
- Develop and refine detection capabilities including SIEM analytics rules, threat hunting queries, and automated response playbooks.
- Provide mentorship and technical guidance to junior SNOC engineers during investigations and incident response.
- Support the development and maintenance of security runbooks, incident response procedures, and investigation guides.
- Ensure security investigations and operational actions are accurately documented in ticketing systems.