SIEM-
Detailed Security Assessment of Network Architecture to devise strategies and facilitate the integration of Infrastructure and Network components with the SIEM
Configure SIEM rules in line with the changing threat landscape to identify breaches
Prioritise and differentiate between potential intrusion activity and false alarms
Correlate SIEM and IPS logs to check for suspicious traffic and verify it against known vulnerabilities and zero-day attacks
Analyse logs from firewalls, network and host intrusion and prevention systems
Conduct incident and investigation post-mortem briefings, analysis, and reporting;
Conduct forensic investigations including network packet capture, memory analysis or malware analysis;
Provide technical guidance to investigations to correctly gather, analyse and present digital evidence to both business and legal audiences
Collate conclusions and recommendations and present forensics findings to stakeholders
Plan, organise and devise approaches necessary to respond to Cyber Security incidents and obtain useful forensic information from the evidence collected;
Facilitate the integration of threat and data feeds for the purposes of incident response.
DLP-
Assist with the design and delivery of the DLP implementation, including requirements, design, testing and post-implementation maintenance
Develop policies to monitor protected data while in-use, in-motion and at-rest with response rules to prevent leakage of protected data
Develop incident response workflow for DLP incidents as raised through DLP tool
Analyse reports from the DLP tool and provide metrics to management
Document solutions and help documents as needed for future DLP Analysis team
Suggest more efficient methods to achieve more productive results as per requirements
Perform scans to identify and fingerprint data to be protected
Troubleshoot issues that may arise from incomplete scans, and performance issues related to the agent, scans, email and network traffic
Antivirus-
Checking and taking required actions on any abnormality observed in daily AV/threat reports
Checking and taking required actions on protection status report periodically
Providing/Blocking Bluetooth and endpoints
Performing virus scans on systems if any abnormality is observed
Miscellaneous- (Common Activities)
Other:
Logging and managing tickets on the ticketing tool (OT, OTRS, Jira)
Sharing status of respective roles/responsibilities to update Dashboard
Updating IT Security Incident register
Creating minutes of meetings (MOMs) for meetings attended
Date Posted: 20/06/2024
Job ID: 82385669