a) 24/7 Incident Response
- Perform triage, assess severity of incidents
- Investigate and contain security incidents
- Execute predefined response procedures
b) 24/7 Alerts Monitoring
- Continuously monitor security alerts, logs, and network traffic
- Identify potential threats or anomalies
c) Suspicious Email Analysis and other Security Validations
- Respond to reported suspicious emails
- Analyze suspicious emails, trigger email threat remediation actions
- Perform validations for reported suspicious activities and other cybersecurity concerns
- Provide recommendations on analyzed concerns
d) Documentations and other tasks
- Assist in developing and executive Recovery Plan
- Participate in investigations or forensics activities
- Participate in change management processes
- Assist in troubleshooting hardware and software issues of Collectors and MXDR agents
- Documentation of Incident Reports, weekly/monthly reporting, maintenance of trackers and other relevant documents
- Detection Rules review and configuration
e) Threat Intelligence duties
Performance relevant Threat Intelligence team responsibilities such as, but not limited to:
- Indicators of compromise (IOCs): Collect, analyze, disseminate, and initiate blacklisting
- Compromised accounts: Monitor and validate Client's password leaks
- Brand protection initiatives: hunting of trademark infringements and other violations, impersonations, and sales scams. Perform validations, request for takedown, and monitoring
Others:
- Threat Intel publications and release of advisories, and other reports
- Monitor releases of new vulnerability advisories, disseminate and track
- Monitor of other potential leaks relating to Client (e.g. code repository, database, etc.)
- Implement and enforce security policies, procedures, and best practices.
- Track and validate security controls, addressing deviations and risks
Qualifications:
- Bachelor Graduate of Computer Science, IT or other related course
- Have at least 3- 5 years of experience as a SOC Analyst or Security Engineer
- Hands-on experience in L2 incident response such as containment, isolation, root cause analysis and deep probing analysis.
- Proficient in documentation, strong incident, attack response and containment skills.
- Has experience in cyber threat intelligence is an advantage.
R