Job Description:
Responsibilities:
- Continuously monitor security events and alerts from the client's security information and event management (SIEM) platform, IDS/IPS, endpoint detection and response (EDR), and other security tools.
- Prioritize and triage security events based on severity, potential impact, and risk factors.
- Investigate suspicious activity to determine the root cause and potential threat.
- Document all security events and investigations thoroughly and accurately.
- Stay abreast of emerging threats, vulnerabilities, and attack trends relevant to the client environment.
- Proactively hunt for threats using advanced techniques and analysis tools.
- Analyze identified threats to determine their potential impact and advise on mitigation strategies.
- Participate in incident response activities as part of the designated incident response team.
- Assist with containment, eradication, and recovery efforts as directed.
- Analyze incident data and provide insights to support the investigation and remediation process.
- Document and report all incident response activities for future reference.
- Generate regular reports on security trends, threats, and vulnerabilities.
- Present findings and recommendations to management.
- Configure and maintain security tools and automation scripts to optimize alert generation and response efforts.
- Develop and implement new automation solutions to improve the efficiency and accuracy of Security Operations.
- Maintain effective communication with the office of technology teams, security leadership, and business users.
- Effectively collaborate with other SOC analysts and team members to ensure coordinated responses.
- Security event analysis, threat intelligence, incident response reports, and security trend reports and recommendations.
- Documentation of security tooling and automation configurations.
- Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR).
- Number and severity of security incidents identified and mitigated.
- Effectiveness and efficiency of security tools and automation.
- Bachelor's degree in information technology, cybersecurity, or a related field, industry security certifications, or equivalent experience.
- Minimum 3 years of experience as a Security Operations Analyst or similar role.
- Strong understanding of security concepts, network protocols, and threat vectors.
- Proficiency in SIEM, IDS/IPS, EDR, and other relevant security tools.
- Excellent analytical and problem-solving skills.
- Strong communication, collaboration, and documentation skills.