Security Operations Tech Lead

You will serve as the primary escalation point for critical security alerts, perform deep-dive DFIR investigations, analyze attacker techniques, hunt threats, and direct incident response activities. You will lead SecOps projects from inception to execution, mentor and provide technical guidance to SecOps engineers, develop and improve automated triage and response using security telemetry, coordinate investigations and containment with business stakeholders, perform hands-on forensic and cloud investigations, and produce incident analysis and findings reports with recommendations.

Responsibilities

  • Operate as the primary escalation point for critical security alerts
  • Perform deep-dive DFIR investigations and analyze attacker techniques and vectors
  • Proactively hunt threats and direct incident response activities
  • Lead SecOps projects from inception to execution
  • Mentor SecOps experts and provide technical guidance
  • Research and leverage security telemetry to improve triage and automated response
  • Refine and evolve agentic workflows for automated security operations
  • Coordinate investigation, containment, and response activities with stakeholders
  • Perform hands-on forensic investigations, log reviews, and cloud investigations
  • Develop incident analysis and findings reports with gap identification and recommendations

Requirements

  • 5+ years experience in Incident Response or Cyber Security Operations Center
  • Experience addressing, escalating, and managing security incidents and creating incident reports
  • Experience managing the lifecycle of security incidents in a global 24/7 production environment
  • Experience collaborating with cross-organizational stakeholders to drive incident response and remediation
  • Experience developing runbooks for frequent or critical incident types
  • Strong development fundamentals and experience delivering and maintaining production-grade code
  • Hands-on programming and scripting experience (Python, Bash)
  • Proven expertise in attack and mitigation methods within Cloud and SaaS environments
  • Solid understanding of system and security controls on at least two operating systems (Windows, Linux/Unix, macOS), including host-based forensics and OS artifact analysis
  • Experience performing root-cause analysis and cloud investigations
  • Excellent communication skills and ability to work collaboratively with other teams
  • Problem-solving mindset and growth orientation
  • Bachelor's degree in Computer Science, Information Technology, or related field (preferred)
  • Understanding of LLM concepts and architectures with hands-on experience applying them (preferred)