Responsibilities
- Advanced Threat Detection: Monitor and analyze security events from various sources, including SIEM, EDR, NDR, firewalls, and other protection systems. Identify and respond to advanced persistent threats (APTs) and complex security incidents.
- Incident Response: Lead incident response efforts, including investigation, containment, eradication, and recovery. Coordinate with other teams to manage and mitigate security incidents, ensuring minimal impact on business operations.
- Forensics and Analysis: Perform in-depth forensic analysis on compromised systems, including malware analysis, network traffic analysis, and log analysis. Document findings and provide detailed incident reports.
- Threat Hunting: Proactively hunt for hidden threats in the network, using threat intelligence, behavioral analysis, and anomaly detection techniques. Identify and mitigate potential security risks before they escalate.
- Security Improvements: Collaborate with the SOC team to continuously improve detection capabilities, including tuning and optimizing SIEM rules, developing custom scripts, and integrating new tools and technologies.
- Training and Mentorship: Provide guidance and mentorship to junior SOC analysts (L1/L2), sharing knowledge and best practices for incident response and threat detection.
- Post-Incident Reporting: Prepare detailed post-incident reports that include root cause analysis, impact assessments, and recommendations for future prevention measures. Communicate findings to senior management and relevant stakeholders.
- Incident Playbooks: Develop and maintain incident response playbooks, ensuring they are up-to-date and aligned with the latest threat landscape and industry best practices.
- Collaboration: Work closely with other IT and security teams, including vulnerability management, IT operations, and network security, to strengthen the organization’s overall security posture.
Work Arrangement
Hybrid
Additional Information
- 3 days on site, 2 day on remote
