Recognize successful cyber intrusions and compromises through log review and analysis of relevant event detail information.
Acknowledge, analyze, and validate incidents and alerts triggered by the SIEM solution.
Launch and track security investigations to resolution. Recognize cyber-attacks based on their signatures. Differentiate false positives from true intrusion attempts and help remediate and prevent them.
Actively investigate the latest in security vulnerabilities, advisories, incidents, and penetration techniques and notify client when appropriate.
Perform tasks as identified in a Security Operations Process Manual and runbooks.
Coordinate with the client's internal teams on relevant security incident investigations.
Conduct periodic vulnerability assessments and reporting.
Configure reports, dashboards, and alerts for security events and logs as per customer requirements.
Install and configure log collectors.
Configure and set up alerts for security event log management with the SIEM, deploy agents, and implement and fine-tune rules.
Endpoint Detection and Response (EDR) SOC - SentinelOne, CrowdStrike, Microsoft Defender
Monitor, analyze, and detect security events and incidents related to endpoints.
Manage, tune, and optimize the EDR tool, which includes evaluating existing rules.