Responsibilities:
Security Monitoring & Detection:
- Develop, implement, and manage security monitoring solutions to detect potential threats.
- Analyze security alerts and logs to identify potential security incidents.
- Tune detection tools to reduce false positives and improve detection accuracy.
Incident Response:
- Lead and coordinate the response to security incidents, including investigation, containment, eradication, and recovery.
- Perform root cause analysis and develop recommendations for preventing future incidents.
Digital Forensics:
- Conduct network and endpoint forensics to gather and analyze evidence of cyber incidents.
- Utilize forensic tools and techniques to support investigations.
Threat Hunting:
- Proactively search for threats within the organization’s networks and systems.
- Develop and execute threat hunting methodologies to identify and mitigate advanced threats.
Collaboration & Communication:
- Work closely with other members of the GSIRT and other IT teams to ensure effective incident response and security monitoring.
- Maintain clear and concise documentation of incidents and monitoring activities.
Qualifications:
- Bachelor’s degree in computer science, engineering, information technology, or equivalent experience.
- Minimum of 5 years of experience in information security, with a focus on security operations.
- Proven experience with network and endpoint forensics, and log analytics.
- Proficiency in Python, shell scripting, and other programming languages relevant to security operations.
- Strong understanding of security event detection, monitoring, tuning, and analysis.
- Experience with incident response and triage.
- Proficiency in using Splunk for security monitoring and analysis.
- Excellent soft skills, including communication, teamwork, and problem-solving abilities.
Preferred Skills:
- Certifications such as CISSP, CISM, GCIH, GCFA, or other relevant security certifications.
- Experience in a geographically dispersed team environment.
- Knowledge of advanced persistent threat (APT) tactics, techniques, and procedures (TTPs).
- Familiarity with other security tools and platforms, such as other SIEMs, EDR solutions, and threat intelligence platforms.
Key Attributes:
- Strong analytical and problem-solving skills.
- Ability to work independently and as part of a team.
- Excellent verbal and written communication skills.
- High level of integrity and ethical conduct.