Responsibilities:
- In close collaboration, build, adjust and implement analytics and detection rules for SIEM, EDR and AV
- Under guidance, participate in cybersecurity architecture review of new or existing technical solutions and provide recommendations for improvement
- Contribute to the preparation of KPIs for cybersecurity operations capabilities RFP Request
- Monitor and investigate alerts leveraging Microsoft Security Tools (e.g. M365, Cloud App Security, Azure, Defender for Endpoint, Azure Security, Azure Sentinel and XDR)
- Monitor and triage AWS security events and detections
- Monitor and investigate alerts leveraging EDR solutions
- Work with alerts from the CSOC Analysts to perform in-depth analysis and triage of network security threat activity based on computer and media events, malicious code analysis, and protocol analysis
- Review trouble tickets generated by CSOC Analyst(s)
- Identify incident root cause and take proactive mitigation steps
- Work directly with cyber threat intelligence analysts to convert intelligence into useful detection
- Perform lessons learned activities
- Leverage emerging threat intelligence (IOCs, updated rules, etc.) to identify affected systems and the scope of the attack
- Review and collect asset data (configs, running processes, etc.) on these systems for further investigation
- Use strong TCP/IP networking skills to perform network analysis to isolate and diagnose
- Document actions in cases to effectively communicate information internally and to the client
- Determine and direct remediation and recovery efforts
- Provide other ad hoc support as required

What we are looking for:
- Knowledge of Transmission Control Protocol / Internet Protocol (TCP/IP) protocols
- Deep knowledge of Microsoft Security Tools (M365, Cloud App Security, Azure, Defender for Endpoint, Azure Security, Azure Sentinel and XDR)
- Deep knowledge of Cloud technologies (Azure, AWS and GCP)
- Deep knowledge of SIEM tools like Splunk, QRadar, ArcSight, MS Sentinel, ELK Stack
- Knowledge of at least one EDR solution (MS Defender for Endpoint, SentinelOne, CrowdStrike)
- Knowledge of email security, network monitoring, and incident response
- Knowledge of Linux/Mac/Windows
- Minimum of 5 years of relevant experience
- Proven experience in reviewing raw log files, data correlation, and analysis (firewall, network flow, IDS, system logs)
- Fluent in English