– Resolve, escalate and report security incidents, and raise recommendations for their resolution and remediation.
– Advanced monitoring of system logs, SIEM tools and network traffic for unusual or suspicious activity.
– SIEM (Security Information and Event Management): set up various SIEM solutions and troubleshoot connectivity issues.
– Investigate and resolve security violations, providing post-mortem analysis to illuminate the issues and possible solutions.
– Collate security incident and event data to produce monthly exception and management reports.
– Report unresolved network security exposures, misuse of resources or noncompliance situations using defined escalation processes.
– Assist and train team members in the use of security tools, the preparation of security reports and the resolution of security issues.
– Develop and maintain documentation for security systems and procedures.
– Recommend, schedule and/or apply fixes, security patches and any other measures required in the event of a security breach.
– 3+ years' experience working as a Senior Analyst within a SOC team.
– Experience working with different SIEM vendors such as QRadar, ArcSight, RSA and LogRhythm.
– Experience in incident response, including writing procedures, runbooks and playbooks.
– Ability to work with customers' IT and security teams as well as at director level.