Job Purpose

-Provides dedicated monitoring and analysis of cyber security events. -Performs initial incident response on Events of Interest (EOI). -Collects data and context necessary to initiate Level 2 escalation. -Processes incident communications from initial reporting, follow-ups, requests for information till closure.

Report To Position Name

-Provides dedicated monitoring and analysis of cyber security events\: -Review security events that are populated in a Security Information and Event Management (SIEM) system. -Conducts initial triage of alerts to identify potential, false positives, policy violations, intrusion attempts and compromises … etc -Provides security incident detection expertise to support timely and effective decision making of when to declare an incident. -Performs initial incident response on Events of Interest (EOI)\: -Investigates security incidents and perform in-depth analysis using SOAR technology. -Analyses a variety of network and host-based security appliance logs (Firewalls, NIDS, HIDS, Sys Logs, etc.) to determine escalation paths for each incident. -Conducts proactive cyber threat and compromise research and analysis. -Provides analysis regarding intrusion events, security incidents, and other threat indications and warning information from various outside agencies. -Collects data and context necessary to initiate Level 2 escalation\: -Consolidates data from alert triage to provide context necessary to initiate Tier II or Tier III work. -Escalates triaged alerts to Tier II & III Analysts for deeper analysis and review. Processes incident communications from initial reporting, follow-ups, requests for information till closure\: -Independently follows procedures to document and report security incidents. -Documents all activities during an incident and providing leadership with status updates during the life cycle of the incident. -Creates a final incident report detailing the events of the incident.