Key Responsibilities:
- Assisting clients with monitoring, investigation and response to security incidents.
- Effectively assess security incidents, determine their severity level, and manage response efforts with efficiency and precision.
- Conduct research, analysis, and investigation of security alerts
- Maintain a comprehensive awareness of the current threat landscape, including malware, phishing attacks, and advanced persistent threats (APTs).
- Actively participate in post-incident reviews to identify lessons learned and recommend improvements to processes and technologies.
- Provide feedback and recommendations to enhance detection and response capabilities
- Participate in continuous improvement of security operations processes and toolsets
- Provide guidance and leadership to the team during critical situations, ensuring effective decision-making and response.
- Foster collaboration with cross-functional teams to enhance the overall security posture of the organization.
- Mentor and train junior analysts, sharing knowledge and best practices to strengthen team capabilities.
Requirements:
- Bachelor's degree in Computer Science, Information Technology, or a related field
- Preferably 2+ years of experience in a Security Operations Center (SOC) or related cybersecurity role
- Demonstrated ability to analyze, triage and remediate security incidents.
- Moderate knowledge in SIEM tools such as Splunk, Microsoft Sentinel or similar platforms, along with a solid understanding of various log sources and their functions.
- Moderate knowledge of security related technologies and their functions (Firewall, VPN, IDS/IPS, EDR, WAF, etc.)
- Experience in developing SOC use cases in SIEM to correlate diverse logs, including the creation of new monitoring use case logic and enabling effective investigation of security alerts and incidents.
- Experience in conducting investigations across various environments, including endpoints, networks, web applications, databases, and cloud resources
- Moderate knowledge of current threat landscape (threat actors, APT, cyber-crime, etc.)
- Knowledge of Cyber Threat Intelligence, including the analysis of intelligence alerts, threat hunting, and providing actionable recommendations.