Incident Management & Response:
- Analyze and respond to complex security alerts and incidents.
- Perform root-cause analysis, containment, eradication, and recovery.
- Escalate critical incidents to security management when needed.
- Proactively search for indicators of compromise (IoCs).
- Correlate events across SIEM tools and other systems.
- Investigate anomalies and unusual network or user behaviors.
- Review alerts from SIEM tools (e.g., Splunk, QRadar, Sentinel).
- Fine-tune detection rules and correlation logic to reduce false positives.
- Work with L1 & L2 teams to improve alert quality and triage efficiency.
- Analyze vulnerability scans and coordinate remediation with IT teams.
- Verify patch compliance and report deviations.
- Monitor and manage EDR tools (e.g., CrowdStrike, Defender, Carbon Black).
- Respond to malware infections, phishing attempts, and suspicious network traffic.
- Review privileged access controls and segregation of duties.
- Investigate unauthorized access attempts or identity compromise indicators.
- Perform log analysis and evidence collection for incidents.
- Document findings, prepare post-incident reports, and recommend preventive actions.
- Support SOAR (Security Orchestration, Automation, and Response) workflows.
- Develop playbooks and improve existing runbooks for faster resolution.
- Guide L1 & L2 analysts on triage and escalation.
- Collaborate with SOC managers and IT operations teams.
Skills & Tools:
- SIEM Tools: Splunk, QRadar, Microsoft Sentinel, ArcSight, etc.
- EDR/XDR: CrowdStrike, Carbon Black, Defender ATP, Tanium, etc.
- SOAR Tools: Palo Alto Cortex XSOAR, Splunk SOAR, etc.
- Firewalls & IDS/IPS: Palo Alto, Cisco, Fortinet, Snort, Suricata.
- Vulnerability Tools: Qualys, Tenable, Rapid7.
- Cloud Security: AWS GuardDuty, Azure Security Center, GCP SCC.
- Scripting: Basic Python, PowerShell, or Bash for automation.
- Operating Systems: Windows, Linux, macOS security fundamentals.
About the company
IT Services and IT Consulting, Internet Publishing, Information Technology & Services