Description
This role is responsible for bringing knowledge and experience in investigation, forensic analysis, documentation, and decision making for security event alerting and incident management, as part of delivering Cyber Security services and solutions that protect our clients' information, networks, applications, and systems.
Review security events that are populated in a Security Information and Event Management (SIEM) system and remediate accordingly.
Investigate and perform in-depth analysis of exploits and recommend remediation.
Conduct proactive threat hunting.
Utilize a variety of cloud-based and on-premises security tools and techniques to proactively analyze suspicious events, network anomalies, and other potential threats to determine validity, impact, scope, and recovery options.
Provide expertise to support timely and effective decisions on when to declare a Cyber Security incident. Provide information regarding intrusion events, security incidents, and other threat indications and warnings to the client.
Document all activities during an incident and provide leadership with status updates during the life cycle of the incident.
Use automated malware analysis tools to determine threat impact and take actions appropriately.
Support and administer security tools and platforms in diverse cloud-based and on-premises environments.
Configure and monitor the Security Information and Event Management (SIEM) platform for security alerts. Integrate and work with the firm's Managed Security Services Provider (MSSP) services.
Qualifications
Post-secondary degree or diploma, or relevant work experience.
Five or more years of work experience in Cyber Security.
Working knowledge of the MITRE ATT&CK Framework.
Experience in an Operations Center (SOC/NOC) monitoring environment.
Experience working with SIEM technologies, specifically Splunk and Azure Sentinel.