Job Purpose
-Provides dedicated monitoring and analysis of cyber security events.
-Performs initial incident response on Events of Interest (EOI).
-Collects data and context necessary to initiate Level 2 escalation.
-Processes incident communications from initial reporting, follow-ups and requests for information through to closure.
Provides dedicated monitoring and analysis of cyber security events:
-Reviews security events that are populated in a Security Information and Event Management (SIEM) system.
-Conducts initial triage of alerts to identify potential false positives, policy violations, intrusion attempts and compromises, etc.
-Provides security incident detection expertise to support timely and effective decision making on when to declare an incident.
Performs initial incident response on Events of Interest (EOI):
-Investigates security incidents and performs in-depth analysis using SOAR technology.
-Analyses a variety of network and host-based security appliance logs (firewalls, NIDS, HIDS, syslog, etc.) to determine escalation paths for each incident.
-Conducts proactive cyber threat and compromise research and analysis.
-Provides analysis regarding intrusion events, security incidents, and other threat indications and warning information from various outside agencies.
Collects data and context necessary to initiate Level 2 escalation:
-Consolidates data from alert triage to provide the context necessary to initiate Tier II or Tier III work.
-Escalates triaged alerts to Tier II and Tier III analysts for deeper analysis and review.
Processes incident communications from initial reporting, follow-ups and requests for information through to closure:
-Independently follows procedures to document and report security incidents.
-Documents all activities during an incident and provides leadership with status updates throughout the life cycle of the incident.
-Creates a final incident report detailing the events of the incident.