Assess if a reported alarm is an organizational attack or a persistent danger to company's network.
Ensure that it is contained as quickly as possible, response & recover from it and devise a remediation strategy (entailing business assets targeted by malware, the type of harmful activities performed by malware.)
Implement remediation with necessary teams such as initialing IT tickets to re-image compromised systems
Often, Security awareness training for end user