Support or contribute the different levels of the incident response process in case of confirmed incidents
Support and contribute the execution of incident simulation exercises for validation and improvement of the overall incident response capabilities
Help us create useful alerts from events
Operate and optimize security processes and tools
Developing incidence response playbooks
Handling security incidents/alerts, investigating the root cause in collaboration with other Security teams, establishing corrective controls, and minimizing the impact
Investigate breaches, gather evidence, and analyze data
Correlate actionable security events from various log sources and Threat Intelligence (TI)
Maintain and enhance our security monitoring toolkit (SIEM, sensors, etc.)
Create, improve, and implement security detection techniques within our SIEM
Help us identify malicious activities within our network, which our current toolset might not cover
Work as part of a team to deploy and maintain secure and reliable network architecture as well as server/system security best practices
Build security tooling and automation for internal use that enables the Security Department to operate at high speed and wide-scale
Participate in team problem-solving efforts and offer ideas to solve the issues
Advice and support the company in all security-related matters
Requirements
Familiar with different attacks on different layers of standard TCP / IP model
Proficient in SIEM and Log Analysis tools like Splunk
Proficiency in writing Regular Expression
Ability to use scripting to automate Security Operations Center processes
Ability to analyze security incidents
Proficient in incident handling and incident response
Ability to perform multiple tasks (Multi-Tasking)
Self-Study capability and morality
Capability of performance management under stressful situations
Ability to provide creative s solutions
Proficient in designing template documentation and technical reports
