Incident Response And Handling
Deloitte
posted 2d ago
Flexible timing
Key Responsibilities
Advanced Log Monitoring and Analysis:
- Conduct deeper analysis of security events and alerts generated by the Splunk and ELK SIEM platforms and the EDR platform, correlating data across sources to identify potential security threats.
- Perform advanced triage, classification, and root cause analysis of escalated security incidents.
- Use the SIEM (Splunk, ELK) and EDR platforms to investigate complex security events, finding patterns and relationships in logs that point to potentially malicious activity.
Incident Escalation and Resolution:
- Escalate high-priority and complex security incidents and work closely with the Level 2 team for expert guidance.
- Engage with incident response teams to perform deeper forensic analysis and assist with the containment, mitigation, and recovery phases of security incidents.
- Document and communicate incident findings, ensuring a clear and concise record of the investigation and resolution process.
Collaboration and Knowledge Sharing:
- Collaborate with the L1 peer team, senior engineers, and other stakeholders in the security operations lifecycle to ensure smooth and effective incident handling.
- Participate in security operations meetings, helping to continuously refine and improve processes.
Reporting and Compliance:
- Assist in generating reports for security incident analysis, compliance audits, and management reviews.
- Support internal and external audits, providing data, logs, and documentation as needed.
- Help track security metrics and performance indicators to support security operations reporting.
Continuous Improvement and Research:
- Stay up to date on the latest cybersecurity threats, vulnerabilities, and defense mechanisms to enhance the team's capabilities.
- Suggest improvements to the security monitoring processes and help implement new detection technologies and methodologies.
Desired qualifications:
• 2-4 years of experience in cybersecurity, IT security operations, or incident response.
Technical Skills:
- Advanced proficiency with the Splunk and ELK SIEM platforms and EDR platforms (experience with other SIEM platforms such as Azure Sentinel is a plus).
- In-depth understanding of network protocols (TCP/IP, DNS, HTTP, etc.), security devices (firewalls, IDS/IPS, etc.), and endpoint security technologies (EDR, antivirus, etc.).
- Hands-on experience with log analysis, data correlation, and incident investigation.
- Familiarity with threat intelligence tools, data sources, and feeds.
- Strong understanding of security frameworks, including MITRE ATT&CK, NIST, and OWASP.
Preferred Certifications
• CompTIA Security+, CEH, or similar certifications.
• Splunk or EDR platform security engineer certifications, or other relevant certifications.
Employment Type: Full Time, Permanent