Job Description
Responsible for day to day management of security incident and event management system in a 24x7x365 environment, providing incident response team support to Global Security Operations Center (GSOC).
Responsibilities
- Monitors and responds to security events and incidents using established processes, creating processes and procedures where none are already established. Detects and assesses threats to the computer networks and assets.
- Reviews incident data and provides root cause analysis and recommendations on how to prevent future occurrences.
- Serves as Subject Matter Expert (SME) in cyber security architecture, engineering, and policy, sufficient to support critical assessment of proposed system changes and configuration changes for weaknesses and opportunities for improvement.
- Performs deep packet inspection, reviews system logs, and correlates network data to identify security incidents.
- Looks for threats and malware that alarms miss, and develops indicators and tripwires to improve detection and prevention capabilities.
- Builds and prepares executive dashboards to communicate risks and incidents across the organization.
- Performs other duties as assigned.
Qualifications
- Bachelor's Degree (Four-year college course)
- One (1) or more years of experience in a similar role.
- Customer Service Intermediate Certification which includes Communication Strategies and Customer Relationship Management.
- Basic knowledge of SIEM (QRadar, ArcSight, AlienVault), ATP technologies, Threat Intelligence, DLP, NGFW, IPS/IDS, WAF, NAC, Anti-Malware Prevention, and Forensics.
- Basic Knowledge of enterprise IP networks, solution architectures, security technologies, and tools.
- Attention to detail and follow-through, including the ability to document work.
- Strong analytical, reasoning, and organizational skills are essential.
- Maintains a high degree of professionalism and confidentiality.
- Ability to multi-task, prioritize, and manage time effectively.
- Interpersonal skills - Able to work independently and as a team member.
- Keen attention to detail.