Responsibilities:
- Lead advanced threat detection and response activities.
- Develop and optimize SIEM use cases, correlation rules, and dashboards.
- Investigate and respond to escalated incidents from L2 analysts.
- Perform root cause analysis for complex incidents and provide actionable insights.
- Lead threat hunting exercises to identify advanced persistent threats (APTs).
- Configure and maintain SIEM platforms, ensuring optimal performance and scalability.
- Integrate new log sources and ensure proper parsing and normalization.
- Collaborate with SOC management to define and enhance incident management workflows.
- Conduct training sessions and mentor L1/L2 analysts.
- Stay current on emerging threats, vulnerabilities, and industry best practices.
Skills:
- Expertise in deploying and managing SIEM platforms (QRadar or similar).
- Deep understanding of security frameworks (MITRE ATT&CK, NIST, etc.).
- Proficient in analyzing network traffic, malware behavior, and forensic artifacts.
- Strong troubleshooting and problem-solving skills for platform-level issues.
- Excellent report-writing and documentation skills.
Certifications (preferred):
- GIAC Certified Incident Handler (GCIH)
- Certified Information Systems Security Professional (CISSP)
- Vendor-specific certifications (e.g., QRadar Certified Deployment Professional)