Advanced incident investigation: Conduct deep-dive investigations into complex security alerts and incidents, correlating events across multiple security tools and logs (SIEM, EDR, network logs, cloud logs).
Incident response leadership: Lead containment, eradication, and recovery efforts for security incidents, collaborating with IT, engineering, and other teams.
Threat hunting: Proactively search for threats within our environment using threat intelligence, hypotheses, and advanced analytical techniques.
Root cause analysis: Perform root cause analysis for security incidents and recommend preventative measures to enhance our defenses.
Threat Hunting: Exercises and proactive detection activities. Stay updated on emerging threats, vulnerabilities, attack techniques, and security news
Vulnerability Management: Conduct regular vulnerability scans and assessments using industry-standard tools and ASPM. Analyze scan results to identify and classify security vulnerabilities, understanding their potential impact and exploitability.
Develop playbooks: Contribute to the creation and refinement of incident response playbooks, runbooks, and standard operating procedures, including SOAR.
Security tool optimization: Recommend and assist with the configuration, tuning, and optimization of SIEM rules, EDR policies, and other security controls.
Threat intelligence integration: Integrate and operationalize threat intelligence (IOCs) and TTPs to improve detection capabilities and inform proactive defense strategies.
Reporting: Generate comprehensive incident reports and provide actionable insights to management.
Required Qualifications:
Minimum of 5 years of experience in a Security Operations Center (SOC) or a similar cybersecurity role
Strong understanding of security frameworks (MITRE ATT&CK, NIST, ISO 27001, etc.)
Hands-on experience with SIEM tools (e.g., Splunk, QRadar, Sentinel, etc.)
Familiarity with EDR solutions (e.g., CrowdStrike, Carbon Black, Defender ATP)
Solid knowledge of networking concepts, log analysis, and common attack vectors
Experience in the incident response lifecycle, malware analysis, and threat hunting
Ability to perform effectively in high-pressure situations and manage multiple incidents simultaneously
Bachelor’s degree in computer science, Information Security, or a related field (or equivalent experience)
Preferred Skills and Certifications:
Certifications such as GCIA, GCIH, CEH, CISSP, OSCP, or Security+
Experience with scripting (Python, PowerShell, Bash) for automation and log parsing
Knowledge of cloud security monitoring (AWS, Azure, GCP)
Experience with SOAR platforms and the automation of incident response workflows