Key Responsibilities
- Design, implement, and manage SIEM platforms (Splunk, QRadar, Sentinel, ArcSight, etc.) including use cases, dashboards, and correlation rules.
- Lead threat hunting activities by proactively identifying hidden threats using behavioral analysis, MITRE ATT&CK framework, and threat intelligence.
- Perform Digital Forensics investigations on endpoints, servers, network traffic, and cloud environments.
- Conduct Malware Analysis (static and dynamic) to identify indicators of compromise (IOCs), attack vectors, and remediation steps.
- Investigate and respond to security incidents, including advanced persistent threats (APT), ransomware, phishing, and insider threats.
- Analyze logs from endpoints, networks, cloud platforms, IAM, and security tools to identify anomalies.
- Develop and fine-tune incident response playbooks and forensic procedures.
- Collaborate with SOC, IR, and IT teams to contain, eradicate, and recover from incidents.
- Prepare detailed incident reports, root cause analysis (RCA), and executive summaries.
- Integrate threat intelligence feeds into SIEM for enhanced detection capabilities.
- Mentor junior analysts and contribute to continuous improvement of SOC operations.
Skills: SIEM, malware, forensics, threat