Detection & Incident Response
Engineers in this role design and operate detection systems that identify security threats across AI infrastructure, cloud environments, and enterprise platforms, then lead investigations when incidents occur. They combine deep technical expertise in SIEM/SOAR platforms, forensics, and threat analysis with the ability to automate response workflows and mentor teams on detection improvements. These roles typically sit within dedicated Security Operations or Detection & Response teams at AI-native companies, where they bridge the gap between passive monitoring and proactive threat hunting while scaling security capabilities alongside rapid infrastructure growth.
Skills
What companies are looking for in this role.
Conducting end-to-end investigations into sophisticated threat actors and their infrastructure, behavior, and tactics
Designing and implementing detection logic and rules across cloud, endpoint, and enterprise environments
Analyzing and responding to security incidents with root cause analysis and forensic investigation
Building automation, scripts, and orchestration workflows to reduce manual security operations work
Threat hunting to proactively identify malicious activity and adversarial patterns
Developing and maintaining telemetry pipelines, data normalization, and enrichment processes
Analyzing malware, phishing infrastructure, and attacker tooling to extract indicators and tactics
Translating security findings into durable engineering solutions and systemic improvements
Writing production-quality code for detection systems with version control and testing
Researching and tracking threat actors, campaigns, and emerging attack techniques
Modeling attacker behavior and anticipating misuse patterns
Leveraging open source intelligence and vendor threat data for investigation and detection
Tuning detection rules and correlation models to maximize signal-to-noise ratios
Building and tuning data loss prevention policies and behavioral detection models
Conducting insider risk investigations combining technical analysis and human interviews
Managing and operating security information and event management platforms
Identifying and closing gaps in detection coverage and telemetry
Leading incident response coordination across multiple teams and stakeholders
Designing hardening strategies and defensive controls across infrastructure
Developing incident response playbooks and runbooks for common attack scenarios
Performing technical analysis of logs from security monitoring systems
Performing digital forensics to determine timeline and impact of security events
Triaging security alerts and determining incident severity and response priority
Reverse-engineering novel attack mechanisms and persistence techniques
Leveraging AI and machine learning to accelerate investigation workflows and automate analysis
Designing detection strategies for AI-specific threats including prompt injection and model extraction
Building agentic systems and autonomous capabilities for security operations
Collaborating cross-functionally with product, engineering, and policy teams on security improvements
Communicating technical security findings to both technical and non-technical stakeholders
Mentoring junior security responders and team members
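As an added illustration of the detection-engineering skills listed above (normalizing telemetry, writing rule logic as tested code, and tuning thresholds for signal-to-noise), here is a small rule in Python. It is example code written for this page, not code from any company listed here. The log schema, the field names (ts, user, src_ip, outcome/result), the IP addresses and the rule name are all assumptions; the log lines are constructed, not real telemetry. The rule flags a source IP that accumulates a threshold of authentication failures inside a sliding window and then logs a success.

```python
"""Added example: a testable 'failures then success' auth detection rule.

Assumed inputs (not from the page): JSON-lines auth events with ts, user,
src_ip and outcome; one variant source uses 'result' instead of 'outcome'.
"""
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample telemetry for the example; IPs are documentation ranges.
# Deliberately unordered, with one alternate schema and one malformed line.
SAMPLE_LOG = """
{"ts":"2024-05-01T10:00:00Z","event":"auth","user":"alice","src_ip":"198.51.100.7","outcome":"failure"}
{"ts":"2024-05-01T10:00:30Z","event":"auth","user":"alice","src_ip":"198.51.100.7","outcome":"failure"}
{"ts":"2024-05-01T10:01:00Z","event":"auth","user":"bob","src_ip":"198.51.100.7","outcome":"failure"}
{"ts":"2024-05-01T10:01:30Z","event":"auth","user":"bob","src_ip":"198.51.100.7","outcome":"failure"}
{"ts":"2024-05-01T10:02:00Z","event":"auth","user":"carol","src_ip":"198.51.100.7","outcome":"failure"}
{"ts":"2024-05-01T10:02:30Z","event":"auth","user":"Carol","src_ip":"198.51.100.7","result":"failure"}
{"ts":"2024-05-01T10:03:00Z","event":"auth","user":"carol","src_ip":"198.51.100.7","outcome":"success"}
{"ts":"2024-05-01T10:00:10Z","event":"auth","user":"bob","src_ip":"203.0.113.5","outcome":"failure"}
{"ts":"2024-05-01T10:00:40Z","event":"auth","user":"bob","src_ip":"203.0.113.5","outcome":"failure"}
{"ts":"2024-05-01T10:01:10Z","event":"auth","user":"bob","src_ip":"203.0.113.5","outcome":"success"}
not json at all
{"ts":"2024-05-01T09:00:00Z","event":"auth","user":"dave","src_ip":"198.51.100.7","outcome":"failure"}
"""


def normalize(line):
    """Map one raw line onto the rule's canonical schema; None if unusable."""
    try:
        raw = json.loads(line)
    except json.JSONDecodeError:
        return None  # malformed lines are dropped, not allowed to crash the rule
    outcome = raw.get("outcome", raw.get("result"))  # tolerate the variant field
    if raw.get("event") != "auth" or outcome not in ("success", "failure"):
        return None
    if not raw.get("src_ip"):
        return None
    try:
        ts = datetime.strptime(raw["ts"], "%Y-%m-%dT%H:%M:%SZ")
    except (KeyError, ValueError):
        return None
    return {"ts": ts, "user": raw.get("user", "").lower(),
            "src_ip": raw["src_ip"], "outcome": outcome}


def load_events(text):
    """Normalize every line and sort by time so the window logic is exact."""
    events = [e for e in (normalize(l) for l in text.splitlines()) if e]
    events.sort(key=lambda e: e["ts"])
    return events


def detect_bruteforce_success(events, threshold=5, window=timedelta(minutes=10)):
    """Alert when a src_ip reaches `threshold` failures inside `window`
    and then authenticates successfully. Returns a list of alert dicts."""
    recent_failures = defaultdict(deque)  # src_ip -> deque of (ts, user)
    alerts = []
    for ev in events:
        q = recent_failures[ev["src_ip"]]
        while q and ev["ts"] - q[0][0] > window:  # expire old failures
            q.popleft()
        if ev["outcome"] == "failure":
            q.append((ev["ts"], ev["user"]))
            continue
        if len(q) >= threshold:
            alerts.append({
                "rule": "auth.bruteforce_then_success",  # assumed rule name
                "src_ip": ev["src_ip"],
                "user": ev["user"],
                "failures": len(q),
                "targeted_users": sorted({u for _, u in q}),
                "first_failure": q[0][0].isoformat(),
                "success_at": ev["ts"].isoformat(),
            })
            q.clear()  # one alert per burst, not one per later success
    return alerts


def run(text=SAMPLE_LOG, threshold=5, window_minutes=10):
    """Pipeline entry point; threshold and window are the tuning knobs."""
    return detect_bruteforce_success(load_events(text), threshold,
                                     timedelta(minutes=window_minutes))


if __name__ == "__main__":
    for alert in run():
        print(json.dumps(alert))
```

With the defaults the rule fires once, for 198.51.100.7 (six failures across three accounts, then a success), and ignores 203.0.113.5, whose two failures are below threshold, and the failure at 09:00, which falls outside the window. Lowering the threshold to 2 adds the second source as a hit; shrinking the window to 2 minutes drops the first, which is the kind of precision/recall trade-off a tuning pass measures against labelled incidents before a rule ships.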
Open Jobs
61 open Detection & Incident Response jobs across 21 companies.
Other Security roles
Identifies and mitigates security vulnerabilities in applications and products.
Secures cloud infrastructure, networks, and systems.
Generalist security engineering role spanning multiple security domains. For security engineers who work across application, infrastructure, and cloud security without a single dominant specialization. The default home for "Security Engineer" titles when the function is clearly Security.
Conducts offensive security assessments including red teaming, penetration testing, and adversarial simulation.
Designs and maintains identity infrastructure, authentication systems, and access control policies.