Monitors the SIEM, trouble tickets, email notifications and in-person escalations, and logs from infrastructure components, applications and network devices such as firewalls and IDS/IPS;
Examines escalated tickets to determine whether they are true positives or false positives;
Performs malware analysis, threat hunting and threat modeling activities;
Assists forensic investigations by providing reports and other information;
Reviews and suggests improvements to the control deployment process and installation procedures;
Develops and documents remediation recommendations for business owners to improve the control environment in which a security incident occurs. Recommendations must be easily understood by non-technical staff;
Provides recommendations and direction on the tuning of signatures, rules, alerts, parsers and custom scripts within the monitoring solutions;
Participates in root cause analysis and helps orchestrate remediation;
Understands defense in depth strategies and applies them to the Client’s environment;
Creates and disseminates security-related notifications for internal staff (for example: trends, developments, changes in capabilities);
Creates manuals, guides and knowledge base entries;
Keeps abreast of the latest security and privacy legislation, emerging threats, regulations, advisories, alerts and vulnerabilities pertaining to the HPS ICS SOC and its customers;
Remains knowledgeable of our current solution portfolio and the technical specifics of our offerings.