Explorer (Level 1) — Uses AI daily to boost personal productivity

Builder (Level 2) — Creates workflows and tools that elevate the whole team

Integrator (Level 3) — Embeds AI into products and processes at scale

Set the strategy and technical direction for Sword’s Security Operations Center — defining the operating model, SIEM and detection architecture, incident response capability, and the roadmap to scale them as the company grows.

Drive an AI- and automation-first transformation of security operations: design SOAR playbooks, agentic and LLM-assisted triage workflows, and ML-driven detection to reduce MTTD/MTTR, expand coverage, and let a lean team operate at enterprise scale.

Lead the SOC/CSIRT team technically — mentoring detection and response engineers, raising the bar on investigations, running on-call and escalation models, and acting as commander for major incidents.

Own the SIEM end-to-end (architecture, data sources, normalization, retention, cost, and tuning) and evolve detection-as-code content aligned to MITRE ATT&CK and Sword’s threat model.

Lead high-severity incident response from detection through containment, eradication, recovery, and post-incident review, partnering with engineering, IT, legal, and executive stakeholders during critical events.

Run the threat intelligence and threat hunting programs, converting emerging TTPs into new detections, proactive hardening, and informed risk decisions.

Define and report on SOC performance — MTTD, MTTR, coverage, automation rate, false-positive rate, on-call health — and use those metrics to drive measurable, continuous improvement.

Influence security architecture and engineering decisions across the company, ensuring detection, response, and recovery are built into new products, platforms, and infrastructure from day one.

Establish and continuously improve incident response playbooks, runbooks, and tabletop exercises to ensure organizational readiness.