"Tell me about a time you built or significantly improved an internal tool to automate threat detection in a SOC environment. Walk me through how you identified the need, prioritized what to automate first, worked with the analysts or engineers who depended on it, and what measurable impact it had."
