We are seeking a L3 / Lead to act as a senior escalation point across security monitoring and incident response. This role is critical in driving high-quality investigations, forensic analysis, and detection improvements, while partnering closely with the Process Engineering Lead and Security Engineering teams. The ideal candidate will have deep hands-on experience in incident response and forensics, combined with the ability to uplift processes, reduce false positives, and enable automation-driven efficiency.

Responsibilities

- Act as a senior escalation point for SOC analysts (L1/L2) in monitoring, triage, and investigation, providing technical guidance and validation.
- Lead incident investigations from escalation through containment, eradication, and recovery, coordinating across Group SOC and OpCos.
- Perform deep-dive analysis on malware, endpoint/network activity, and adversary behavior to support incident response and attribution.
- Conduct forensic examinations (endpoints, servers, logs, memory, storage, and network traffic) to support investigative outcomes.
- Collaborate with the Process Engineering (PE) Lead to:
  - Improve detection rules/use cases.
  - Tune rules to reduce false positives and improve accuracy.
  - Integrate threat intelligence into active monitoring.