Detection & Incident Response

Designing and implementing security information and event management platforms and infrastructure

Developing detection rules, correlation logic, and alert mechanisms to identify security threats

Monitoring security alerts and events across multiple platforms and data sources

Analyzing security incidents and conducting root cause analysis

Coordinating security incident response and serving as incident commander

Conducting threat hunting and proactive threat identification activities

Managing and leading security operations center teams and analysts

Researching and tracking threat actors, campaigns, and attack techniques

Building and maintaining incident response playbooks and runbooks

Translating threat intelligence into actionable detections and defense improvements

Designing log ingestion pipelines, normalization, and enrichment processes

Building data pipelines and telemetry collection systems for security analysis

Integrating and managing multiple security tools and third-party applications

Operating endpoint detection and response systems across diverse environments

Writing production-quality code and developing security tooling

Assessing security configurations and managing security state

Managing alert fatigue and optimizing alerting systems for high-volume environments

Performing digital forensics and memory forensics investigations

Developing and deploying automation and orchestration workflows for security response

Building detection systems using artificial intelligence and machine learning techniques

Designing containment mechanisms and entity-tracking systems across heterogeneous environments

Developing and operating deception detection systems such as honeypots and canary systems

Detecting and mitigating risks from autonomous AI agents and agentic systems

Collaborating across cross-functional teams to improve security posture

Communicating complex security concepts clearly to stakeholders at all levels

Leading and managing incident response teams during crises

Driving continuous improvement and automation of security processes

Mentoring and providing technical guidance to junior security personnel

Developing team members and coaching personnel for career growth

Navigating complex organizational environments and driving strategic change