Principal Cyber Defense Operations
Job Locations
US-Remote
Our Mission
Our mission is to SAVE AND IMPROVE LIVES BY EMPOWERING HEALTHCARE CONSUMERS. Come be part of remarkable.
Overview
How you can make a difference
The Cyber Defense Operations Team Principal (CDOT) serves as the senior technical authority within the Cyber Defense Operations Team, responsible for ensuring the accuracy, quality, and threat-informed rigor of all escalations and investigations. This role leads the review of high-risk activity across CDOT Escalations, Insider Threat, and Cloud/AI Response queues, and ensures alignment with the organization's detection, response, and visibility strategy. The Principal partners closely with ATR, Cyber Defense Engineering, and the Cyber Visibility Principal to strengthen detection fidelity, improve operational workflows, and drive continuous improvement across the Cyber Defense ecosystem.
What you'll be doing
Operations
Lead validation of all CDOT escalations to ensure accuracy, completeness, and threat-informed decision-making.
Own triage oversight for the CDOT Escalations, Insider Threat, and Cloud/AI Response queues, ensuring high-risk activity receives appropriate scrutiny and routing.
Coordinate response actions across CDOT, ATR, IR, and partner teams for high-severity events.
Ensure sensitive investigations follow legal, HR, and IR requirements.
Detection
Validate detection fidelity across traditional, cloud, and AI-driven signals, ensuring alignment with ATR's threat-informed detection strategy.
Review cloud-specific detections (Azure AD, AWS, GCP, SaaS) for accuracy, coverage, and alignment to cloud attack paths.
Validate AI-generated detections and behavioral analytics for accuracy, bias, and operational usefulness.
Identify and escalate visibility gaps, including cloud telemetry, identity logs, and AI anomaly signals, to the Cyber Visibility Principal.
Partner with Cyber Defense Engineering and the Visibility Principal to refine detection logic, improve signal quality, and build new controls where systemic issues are identified.
Response
Lead triage and validation for cloud and AI-driven escalations, including identity compromise, privilege escalation, token abuse, and anomalous workload activity.
Serve as the escalation authority for determining when events require ATR deep-dive analysis or CIRP activation.
Ensure escalations involving cloud or AI signals include complete investigative context and meet elevated scrutiny standards.
Playbooks
Ensure operational playbooks accurately reflect CDOT response procedures, including cloud and AI-driven scenarios.
Collaborate with ATR, Cyber Defense Engineering, and the Visibility Principal to develop new playbooks where gaps exist or new capabilities emerge.
Validate SOAR playbooks for correctness, safety, and alignment with escalation thresholds.
Identify automation opportunities and partner with Cyber Defense Engineering to build safe, reliable automated controls.
Quality
Perform regular QA reviews of CDOT investigations, escalations, and triage decisions to track and improve CDOT performance.
Define and uphold standards for investigative documentation, evidence handling, and escalation quality.
Provide technical coaching to analysts to strengthen investigation quality, hypothesis development, and threat-informed reasoning.
Threat Alignment
Maintain alignment between CDOT detection priorities and ATR's threat-informed roadmap, including cloud-focused and AI-enabled threats.
Ensure CDOT workflows reflect current adversary tradecraft and MITRE ATT&CK coverage (enterprise, cloud, and emerging AI-related techniques).
Surface systemic detection, tooling, or workflow gaps to ATR, CDE, and Detection Engineering.
Metrics and Continuous Improvement