SUMMARY OF DAY TO DAY RESPONSIBILITIES:
Define, develop and/or implement detection strategies, analyze security data, and create monitoring use cases to ensure timely responses to potential threats. The primary goal is to enhance organization's ability to detect and respond to security breaches. Develop advanced detection logics and algorithms which can efficiently spot and alert of any suspicious activity or potential threats. Perform detection gap assessments to ensure coverage across identity, network, endpoint, cloud, and application layers. This role aligns with CSOC, CSIRT, threat hunting, threat intelligence, red team, risk management, and so forth, to build a threat-informed defense system. May participate in incident support and/or projects to provide reporting, data analysis, and assessments.
Must Have
· Experience in SIEM content development (Splunk, Azure Sentinel, Logscale, or similar SIEM platform).
· Understanding of various log formats and source data for SIEM Analysis.
· Minimum 5 years of information security experience, preferably engineering or development.
· Ability to effectively communicate with anyone, from end users to senior leadership - facilitating technical and non-technical communication.
· Strong incident handling/incident response/security analytics skills.
· Deep understanding of technical concepts including networking and various cyber-attacks.
· Solid background with Windows and Linux platforms (security or system administration).
