- Response planning, and validation and application of the response strategy
- Carry out event-driven targeted investigations where applicable and analyze findings for further security incidents
- Take ownership of, and lead, investigation and risk-mitigation activities for security incidents with a critical severity rating
- Join and provide input to operational meetings such as daily stand-ups, weekly meetings and war-room meetings as required
- Soft skills: the ability to communicate with different audiences in a nuanced manner in meetings with different stakeholders
Representative Experience
- Strong grasp of operating systems (Windows, Linux, MacOS) and networking protocols and concepts.
- Extensive knowledge of internet security issues and the threat landscape.
- Previous experience with the following tools: Splunk, EDR Solutions, Microsoft Security products.
- Problem-solver with excellent communication skills and a deep technical understanding of security best practices.
- Knowledge of threat hunting.
- Strong grasp of the incident response life cycle.
- Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources.
- Capable of writing advanced ad-hoc SPL queries.
- Analyze log files from a variety of sources (for example, individual host logs, network traffic logs, firewall logs and intrusion detection system logs) to identify possible threats to network security.
- Utilize SIEM tools such as Splunk, and EDR tools, to enhance monitoring capabilities and expand the security posture of the current environment.
- 7+ years of experience in a SOC or Fusion Center environment.
- Incident-response-specific or other relevant certifications (e.g. GCIH, ECIH, Security+).
- Experience with incident response on cloud platforms (AWS, GCP, etc.).
Skills: operating systems (Windows, Linux, macOS), networking protocols and concepts, internet security issues and threat landscape knowledge, incident response life cycle, response planning and response strategy validation, event-driven targeted investigations, analyzing security incidents, threat hunting, network traffic analysis, log file analysis, SIEM tools (Splunk, ad-hoc SPL queries), EDR solutions, Microsoft Security products, cloud platform incident response (AWS, GCP), security best practices, SOC experience, certifications (e.g. GCIH, ECIH, Security+), communication skills, problem-solving