Detection & Incident Response
Engineers in this role design and operate detection systems that identify security threats across AI infrastructure, cloud environments, and enterprise platforms, then lead investigations when incidents occur. They combine deep technical expertise in SIEM/SOAR platforms, forensics, and threat analysis with the ability to automate response workflows and mentor teams on detection improvements. These roles typically sit within dedicated Security Operations or Detection & Response teams at AI-native companies, where they bridge the gap between passive monitoring and proactive threat hunting while scaling security capabilities alongside rapid infrastructure growth.
Skills
What companies are looking for in this role.
Investigating security incidents including indicators of compromise, malware, phishing, and unauthorized access
Monitoring and triaging security alerts across multiple systems and data sources in real time
Escalating and coordinating incident response across security and infrastructure teams
Conducting threat hunting missions to identify malicious activity across infrastructure
Managing and supporting security tools including SIEM, EDR, and intrusion detection systems
Conducting threat intelligence research on threat actors, campaigns, tactics, and procedures
Designing and implementing detection rules and custom security detections
Developing incident response playbooks, runbooks, and standard operating procedures
Performing post-incident reviews and providing recommendations for security improvements
Performing technical analysis of malware, infrastructure, and attacker tooling
Designing and developing automation workflows to reduce manual security processes
Building and maintaining threat intelligence tooling and automated pipelines
Building and deploying AI agents for autonomous alert triage and investigation
Developing telemetry architecture and security data foundations across multiple domains
Identifying and implementing AI-specific threat detection for model extraction and data poisoning
Designing detection strategies for attacks targeting distributed AI infrastructure and GPU clusters
Working collaboratively across multiple teams including infrastructure, product, and research
Communicating technical security findings clearly to non-technical stakeholders and leadership
Continuously improving processes, procedures, and detection quality through iterative refinement
Taking ownership and demonstrating initiative in ambiguous problem spaces
Mentoring and guiding junior security engineers and operators
Managing relationships with external security vendors and managed service providers
Technology
The tools and technologies that define this role.
Open Jobs
59 open Detection & Incident Response jobs across 25 companies.