Job Description
Job Brief
Responsible for managing, configuring and monitoring the security systems used in a SOC environment. This position involves conducting incident response investigations, performing daily operational security tasks (monitor, investigate, escalate and respond) and occasionally assisting in penetration testing projects. The position requires working in a high-pressure, 24/7 shift-based environment.
Key Responsibilities
- Actively monitor security alerts generated by the SIEM and other security tools.
- Conduct in-depth analysis of security incidents, focusing on root cause identification, impact assessment, and potential containment measures.
- Tune and optimize SIEM searches, reports, and dashboards to improve detection accuracy and efficiency.
- Collaborate with other SOC members to manage and respond to security incidents.
- Perform threat hunting and containment activities to identify and mitigate potential threats proactively.
- Leverage threat intelligence feeds to enrich event data and identify emerging threats.
- Provide actionable intelligence by correlating threat information with internal security incidents.
- Develop new use cases, correlation rules, and detection logic within SIEM to improve threat detection.
- Prepare and maintain documentation, such as incident reports, intelligence briefings, and tuning recommendations.
- Provide feedback and recommendations on improving the efficiency and effectiveness of SOC processes.
- Integrate new data sources and refine monitoring use cases.
- Administer and manage firewall (FW) and web application firewall (WAF) solutions, ensuring configurations align with security policies and best practices.