Monitoring and improving AI agents, enforcing guardrails, adjudicating complex decisions
Training and mentoring of junior analysts
Oversee escalations from L1 analysts and customers, coordinate rapid response for high-severity incidents
Assisting with L1 triage as needed
They will also be responsible for building and maintaining escalation workflows and providing feedback on request.
Provide feedback and recommendations to the Client Service Manager
Presentation of reports and advanced analytics findings when required
Attendance at all routine client meetings and prep-meetings for Proofpoint Clients
Overall responsibility for any non-engineering client requests.
Assist in identifying opportunities for new alarms policies
Maintenance of runbooks/Proofpoint documentation (i.e. alarm workflows, escalation procedures, team details, client knowledge base)
Requirements
2+ years in L2 supervision or incident command
Experience with automation/SOAR workflows and policy-based approvals for response actions.
Demonstrated ability to review and improve AI-driven detections or automated playbooks; comfort with explainability, guardrails, and risk-based decisions.
Familiarity with agentic AI concepts (tool-use policies, action confidence, multi-agent orchestration, reward signals) and RAG pipelines for security context.
Knowledge of phishing technology and the functions of some security tools that protect end users against it
Knowledge of SIEM technology and functions of some security tools
Experience interpreting, tuning, searching and manipulating data within a SIEM
Experience interpreting, searching and understanding the breakdown of the structure of an email
The ability to demonstrate an understanding of what a phishing email is, how to spot one and what the ramifications could be for an end user/company if it is not stopped
Knowledge or experience utilizing the Cyber Kill Chain, Diamond Model or other appropriate models
Experience in gathering and managing threat intelligence
Ability to present a recommended remediation strategy to the client in a professional format
Basic knowledge of cyber security threats and the ability to explain the impact they have on a user/company.