SIEM CROWDSTRIKE
Tata Consultancy Services
2 - 5 years
Hyderabad
Posted: 29/01/2026
Job Description
Key Responsibilities
Work collaboratively with Account Manager
Track incident detection and closure
Act as subject matter expert and expert witness where required
Generate new use cases for emerging threats
Conduct incident response coordination with customer
Validation of security incidents
Conduct audits of logging and correlation
Conduct monthly security use case review and correlation audits
Escalation management
Ensure process compliance and SLA compliance
Ensure quality of investigations and notification and direct L2 and L1 accordingly
Report deviations to SOC manager and L3
Perform deep analysis of security incidents to identify the full kill chain
Set up weekly meeting to review the weekly reports with the client
Respond to client requests, concerns and suggestions
Follow up with the client on recommendations to contain an incident or mitigate a threat
Respond to incident escalations and provide solid recommendations
Update aging incidents and requests
Track SOC performance in terms of SLAs and incident quality
Conduct threat hunting exercises on SIEM and EDR platforms
Perform quarterly evaluation for L1 and L2 analysts and report feedback to SI management
Essential Skills
Experience with Security Information and Event Management (SIEM) tools
Good understanding of SIEM correlation rules
Should have expertise in TCP/IP network traffic and event log analysis
Knowledge of and hands-on experience with any SIEM tool, e.g. Splunk
Knowledge of and hands-on experience with any EDR tool, e.g. CrowdStrike, MS
Good understanding of cloud services, e.g. AWS GuardDuty, AWS CloudTrail, AWS CloudWatch, etc.
Good understanding of system hardening and vulnerability assessments
