Incident Response: Monitor and analyze security event logs and alerts to detect potential incidents, and lead investigations for containment, eradication, and recovery.
Root Cause Analysis: Perform in-depth analysis of sophisticated security incidents and targeted attacks across systems, networks, and code to identify root causes and prevent recurrence.
Security Automation: Enhance detection and response capabilities through automation, including fine-tuning alerts to reduce false positives and automating responses to repetitive incidents.
Playbook Creation: Develop and maintain incident response playbooks for distinct types of security incidents, ensuring they align with current threats.
Security Event Enrichment: Leverage IOCs, threat intelligence, and other data sources to enrich security events, improving detection accuracy and reducing incident response time.
Collaboration: Work with security stakeholders and cross-functional teams to coordinate incident response efforts and improve overall security initiatives.
Threat Hunting: Conduct proactive threat hunting to identify potential malicious activities and mitigate emerging risks before they escalate.
Vulnerability Management: Identify, assess, and prioritize vulnerabilities across systems, applications, and networks, and ensure effective remediation strategies.
Vulnerability Scanning & Testing: Regularly conduct vulnerability scans, penetration tests, and risk assessments to uncover weaknesses in the security posture.
Patch Management: Collaborate with IT and development teams to ensure timely patching and remediation of vulnerabilities.
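To make the "Security Event Enrichment" and "Security Automation" duties above concrete, here is a small worked illustration added to this page (it is not part of the original posting or any employer's tooling). It parses constructed proxy/firewall log lines, enriches each event with matches from a hypothetical threat-intelligence feed, derives a severity from indicator confidence, suppresses allowlisted and low-value hits to cut false positives, and collapses repeated alerts for the same source and indicators within a time window. The log format, feed contents and allowlist are all assumptions made for the example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample log lines (not from the original page). The format imitates a
# generic proxy/firewall export: timestamp, source IP, destination IP, destination host, action.
SAMPLE_LOGS = [
    "2024-05-01T10:00:01Z src=10.0.0.5 dst=203.0.113.7 host=update.example-cdn.test action=allow",
    "2024-05-01T10:00:03Z src=10.0.0.5 dst=198.51.100.9 host=c2.bad-domain.test action=allow",
    "2024-05-01T10:00:04Z src=10.0.0.8 dst=198.51.100.9 host=c2.bad-domain.test action=allow",
    "2024-05-01T10:00:05Z src=10.0.0.5 dst=198.51.100.9 host=c2.bad-domain.test action=allow",
    "2024-05-01T10:00:20Z src=10.0.0.9 dst=192.0.2.44 host=scanner.internal.test action=deny",
]

# Hypothetical threat-intel feed: indicator -> context. In a real SOC this would be
# exported from a TIP (e.g. MISP) rather than hard-coded.
IOC_FEED = {
    "198.51.100.9": {"type": "ipv4", "threat": "C2 server", "confidence": 90, "source": "feed-A"},
    "c2.bad-domain.test": {"type": "domain", "threat": "C2 domain", "confidence": 85, "source": "feed-B"},
    "192.0.2.44": {"type": "ipv4", "threat": "mass scanner", "confidence": 40, "source": "feed-A"},
}

# Alert tuning: hosts known to be benign that would otherwise trip the rule every day.
ALLOWLIST = {"scanner.internal.test"}

LOG_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) host=(?P<host>\S+) action=(?P<action>\S+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    event = m.groupdict()
    event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return event


def enrich(event, feed=IOC_FEED):
    """Attach every matching IOC to the event and derive a severity from the best confidence."""
    matches = []
    for key in ("dst", "host"):
        ioc = feed.get(event[key])
        if ioc:
            matches.append({"indicator": event[key], **ioc})
    event = dict(event)
    event["iocs"] = matches
    conf = max((m["confidence"] for m in matches), default=0)
    event["severity"] = "high" if conf >= 80 else "medium" if conf >= 50 else "low" if conf else "info"
    return event


def should_alert(event, allowlist=ALLOWLIST):
    """False-positive reduction: drop events with no IOC hit, allowlisted hosts,
    and low-confidence hits on traffic the perimeter already denied."""
    if not event["iocs"]:
        return False
    if event["host"] in allowlist:
        return False
    if event["severity"] == "low" and event["action"] == "deny":
        return False
    return True


def dedupe(alerts, window=timedelta(minutes=5)):
    """Collapse repeated alerts for the same (src, indicators) inside `window` into one with a count."""
    seen = {}
    out = []
    for a in alerts:
        key = (a["src"], tuple(m["indicator"] for m in a["iocs"]))
        prev = seen.get(key)
        if prev and a["ts"] - prev["first_seen"] <= window:
            prev["count"] += 1
            prev["last_seen"] = a["ts"]
            continue
        entry = {**a, "first_seen": a["ts"], "last_seen": a["ts"], "count": 1}
        seen[key] = entry
        out.append(entry)
    return out


def process(lines):
    """Full pipeline: parse -> enrich -> suppress noise -> deduplicate. Returns the alerts to raise."""
    events = [e for e in (parse_line(line) for line in lines) if e]
    enriched = [enrich(e) for e in events]
    return dedupe([e for e in enriched if should_alert(e)])


if __name__ == "__main__":
    for alert in process(SAMPLE_LOGS):
        print(alert["first_seen"], alert["src"], alert["severity"], "x%d" % alert["count"],
              [m["indicator"] for m in alert["iocs"]])
```

On the sample data the five raw lines reduce to two alerts: one high-severity alert for 10.0.0.5 with a count of 2 (the repeat within the window is folded in) and one for 10.0.0.8, while the allowlisted internal scanner hit is suppressed. The separation into parse, enrich, suppress and dedupe steps mirrors how such logic is usually split across SIEM parsing rules, enrichment lookups and alert tuning.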
Required Experience:
Education: Bachelor's or Master's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
Experience: A minimum of 4 years of experience in a Security Operations Center (SOC) environment.
Certifications: Relevant certifications such as GCIA, GCIH, AWS Security Specialist, or any other certification in the field of Security Operations or Incident Response.
Technical Skills: Hands-on experience with security tools and technologies such as SIEMs, Endpoint Detection and Response (EDR), Web Application Firewalls (WAFs), Intrusion Detection Systems (IDS), and vulnerability scanners.
Hands-on Experience: Proficient in the incident response process, including identification, containment, remediation, and recovery.
Cloud Experience: Experience with cloud security services, preferably in AWS or Azure environments.
Analytical Skills: Strong analytical and problem-solving skills with a detail-oriented approach to security challenges.
Soft Skills: Excellent verbal and written communication skills, capable of conveying complex security concepts to non-technical stakeholders.
Good to have:
Coding Skills: Proficient in a programming language such as Python or Go.