Assisting clients with monitoring, investigation and response to security incidents.
Effectively assess security incidents, determine their severity level, and manage response efforts with efficiency and precision.
Conduct research, analysis, and investigation of security alerts
Maintain a comprehensive awareness of the current threat landscape, including malware, phishing attacks, and advanced persistent threats (APTs).
Actively participate in post-incident reviews to identify lessons learned and recommend improvements to processes and technologies.
Provide feedback and recommendations to enhance detection and response capabilities
Participate in continuous improvement of security operations processes and toolsets
Provide guidance and leadership to the team during critical situations, ensuring effective decision-making and response.
Foster collaboration with cross-functional teams to enhance the overall security posture of the organization.
Mentor and train junior analysts, sharing knowledge and best practices to strengthen team capabilities.
Requirements:
Bachelor's degree in Computer Science, Information Technology, or a related field
Preferably 2+ years of experience in a Security Operations Center (SOC) or related cybersecurity role
Demonstrated ability to analyze, triage and remediate security incidents.
Moderate knowledge in SIEM tools such as Splunk, Microsoft Sentinel or similar platforms, along with a solid understanding of various log sources and their functions.
Moderate knowledge of security related technologies and their functions (Firewall, VPN, IDS/IPS, EDR, WAF, etc.)
Experience in developing SOC use cases in SIEM to correlate diverse logs, including the creation of new monitoring use case logic and enabling effective investigation of security alerts and incidents.
Experience in conducting investigations across various environments, including endpoints, networks, web applications, databases, and cloud resources
Moderate knowledge of current threat landscape (threat actors, APT, cyber-crime, etc.)
Knowledge of Cyber Threat Intelligence, including the analysis of intelligence alerts, threat hunting, and providing actionable recommendations.
