- At least experience in Information Security operations management, with hands-on experience in a large security operations center using IBM QRadar, Splunk, ArcSight or a similar SIEM tool
- Manage network, endpoint and forensics initiatives, malware triage and cyber security incident response
- Managing Cyber Security Services engagements and engagement teams
- Recognizing common attacker tools, tactics and procedures
- Providing oversight for on-site examinations and collections, and technology advisory services to enhance forensic client engagements
- Researching and developing new digital forensics scripts, tools and methodologies
- Assessing and troubleshooting a variety of technical issues and supporting a cyber response lab on our clients' SIEM tool and UEBA platform
- Assist in conducting peer reviews and providing quality assurance reviews for junior personnel; support the mentoring of junior incident managers and provide guidance to others on incident management, prioritization, triage and report writing in support of on-site engagements
- Guiding the team to monitor, identify and investigate security alerts and perform incident response activities related to cybersecurity incidents
- Create new trouble tickets for alerts that signal an incident and require Tier 2 Incident Response review
- Respond to cybersecurity incidents, conduct threat analysis as directed and address detected incidents for resolution
- Should be able to multitask to coordinate incidents with the senior analyst and escalation manager
- Recommend enhancements to SOC security processes and operational efficiencies
- Create the Incident Response (IR) plan and IR playbooks; manage all incidents and crisis situations
- Log analysis; handle and resolve security incidents
- Collaborate with the respective tracks' technical teams for remediation of the incident
- Periodic review of the incident response plan and procedures
- Recommend and document specific countermeasures and mitigating controls
- Develop comprehensive and accurate reports and presentations for both technical and executive audiences
Skills:
- Data Security -> Public Key Infrastructure (PKI)
- DevOps -> Google Cloud Platform (GCP)
- IDAM -> CA SiteMinder (CA Identity Suite)
- IDAM -> IBM Security Identity Manager (ISIM)
- Infrastructure Security -> Malware Analysis
- Infrastructure Security -> Symantec Endpoint (SEP)
- Network Security -> Firewalls -> Checkpoint
- Network Security -> Firewalls -> Juniper Firewalls
- Network Security -> Firewalls -> Palo Alto
- Network Security -> Firewalls -> Web Application Firewall (WAF)
- Security Incident and Event Management (SIEM) -> ArcSight
- Security Incident and Event Management (SIEM) -> LogRhythm
- Security Incident and Event Management (SIEM) -> QRadar
- Security Incident and Event Management (SIEM) -> RSA enVision
- Security Testing -> Cloud Security
- SOC
- SOC -> Security Monitoring
- SOC -> Security Operations Center (SOC/SIEM)
- Tools -> ServiceNow -> ServiceNow Security
- Tools -> Splunk