Continuously monitor SIEM/EDR, triage alerts, and escalate with crisp evidence

Pivot on IOCs/TTPs; correlate against environment telemetry

Run playbooks, contain accounts/hosts, and coordinate with on-call engineering

Author detection content (queries, rules) and suggest suppression/tuning

Produce incident timelines, post-mortems, and regulator-ready notes

Participate in hunt missions aligned to ATT&CK; track hypothesis → findings

Design scalable services and domain models for intel & identity graphs

Implement pipelines for parsing, enrichment, deduplication, and clustering of IOCs

Ship API endpoints & background jobs with tests, metrics, and tracing

Own features E2E: spec → impl → rollout → observability & docs

Collaborate with Product/Design on data-dense UX and ergonomics

Profile and optimize hot paths (CPU, memory, DB queries)

Design end-to-end flows (briefs, correlation, evidence packs, guardrails)

Build reusable UI patterns for tables, timelines, graphs, and rule editors

Partner with PM/Eng for rapid prototype → ship loops

Create design tokens, states, and accessibility patterns

Run usability tests and synthesize insights into iteration plans

Document behaviors for edge cases, errors, and empty states

Deploy agentless posture & identity risk tooling (e.g., Wiz/Orca)

Author guardrails-as-code, safe-apply, and rollback workflows

Tune detections to reduce noise and focus on material risk

Map and fix excessive permissions, toxic role combos

Integrate with SIEM/ITSM; set owners and SLAs

Produce exec-ready posture deltas and trendlines

Connect cloud/SaaS; classify data and map flows & ownership

Tune contextual DLP policies with least-privilege automation

Automate remediation with approvals and evidence capture

Stand up dashboards, KPIs, and audit exports

Align to PDPL/NCA frameworks with data residency views

Drive program runbooks and quarterly maturity reviews

Connect CERTs/feeds and customer sources; normalize & dedup IOCs

Tune scoring by asset context and business impact

Publish Sigma/YARA/Suricata/NGFW bundles via RuleForge

Automate delivery to SIEM/NGFW and change tracking

Train SOC teams on briefings and next best actions

Build evidence trails for audits and leadership updates

Plan passive sensor placement; baseline industrial protocols & flows

Integrate Dragos/Claroty/Nozomi/Armis with SIEM/SOAR and runbooks

Pilot Himaya FalconEdge in field conditions; tune models & alerts

Map Purdue zones/conduits; recommend segmentation changes

Produce site-ready evidence packs for audits and leadership

Coordinate with OEM vendors and turnaround windows

Connect AWS/Azure/GCP + SaaS to a unified identity graph

Draft guardrails; simulate blast radius; roll out safely

Automate attestations, access reviews, and evidence packs

Establish JIT elevation and break-glass controls

Tune SoD policies by function, geo, and device context

Integrate with ITSM and chat-ops approvals

Target CISOs/SOC leaders/Platform owners with compelling POV

Position 'controls & evidence' vs. generic feed noise

Run short pilots with rule bundles and ROI clarity

Turn pilots into multi-year subscriptions with references

Feed product with sharp customer insights & blockers

Build scalable pricing/packaging learnings

Research accounts; personalize outbound with relevance

Run sequences across email, phone, LinkedIn, and events

Qualify fit and pain; set crisp agendas for AEs

Maintain accurate notes, contacts, and opportunities

Partner with marketing on follow-ups and content

Learn products enough to handle first-line objections

Design and execute a territory plan across target verticals

Run crisp discovery & quantify outcomes with clear next steps

Craft MSAs/SOWs with transparent deliverables and SLAs

Coordinate POCs/pilots with FDEs; remove friction fast

Build reference customers and repeatable plays

Keep pipeline hygiene and reliable forecast discipline