• Support and execute security incident response activities, including triage, investigation support, containment coordination, lessons learned, and corrective action tracking
• Develop and maintain incident response playbooks, runbooks, and escalation paths; participate in and help run tabletop exercises
• Operate and improve enterprise security controls and tooling (e.g., endpoint protection/EDR, SaaS security controls, email security, access control workflows), ensuring reliable configuration and ongoing effectiveness
• Partner with Observability Engineering to ensure security-relevant telemetry is available for investigations and response (without owning SIEM/telemetry platform administration)
• Partner with Vulnerability Management to drive remediation execution, validate fixes where appropriate, and reduce repeat findings through hardening and control improvements
• Coordinate security investigations with DevOps, IT, and Engineering teams; track actions through to closure and document outcomes
• Support access governance and least-privilege initiatives, including periodic access reviews, privileged access workflows, and secure authentication controls
• Create and maintain security documentation for processes, controls, and operational procedures to enable consistency across teams and geographies
• Assist with security control evidence and operational readiness activities for compliance frameworks (e.g., SOC 2, ISO 27001, FedRAMP/GovRAMP, NIST 800-53) in partnership with Compliance and platform teams
• Identify opportunities for automation to improve security operations efficiency (ticketing workflows, control checks, integrations, scripting)

• Experience in compliance-driven environments (FedRAMP, GovRAMP, SOC 2, ISO 27001, NIST 800-53) and supporting evidence collection/operational readiness
• Experience with EDR, email security, and/or SaaS security controls (tooling specifics vary)
• Experience with identity security workflows (access reviews, privileged access processes, conditional access patterns)
• Scripting/automation experience (Python, Bash, PowerShell) and comfort integrating systems via APIs
• Exposure to detection engineering, threat intelligence workflows, or SOAR-style automation (without needing to be the SIEM/platform owner)
• Experience in cybersecurity or high-scale SaaS organizations