SIEM

Randstad India


Job Location: Chennai - India

Monthly Salary: Not Disclosed
Posted on: 29 days ago
Vacancies: 1 Vacancy

Job Summary

Key Responsibilities:

  • Monitor security alerts and events from SIEM (Security Information and Event Management) systems and other tools.

  • Investigate and respond to security incidents, conducting root cause analysis and coordinating mitigation efforts.

  • Manage and fine-tune security tools such as firewalls, intrusion detection/prevention systems (IDS/IPS), endpoint detection and response (EDR), and antivirus software.

  • Develop and maintain playbooks for incident response and threat detection.

  • Assist in log management and correlation of security events.

  • Participate in threat hunting activities and provide recommendations for improved detection.

  • Collaborate with IT, DevOps, and application teams to integrate security best practices into day-to-day operations.

  • Stay up to date with the latest security threats, vulnerabilities, and technology trends.

  • Experience configuring and administering security tools, e.g. CyberArk, Imperva, Proofpoint, Cylance, Windows Defender, OKTA, ADManager Plus, O365, Windows Intune.

Qualifications:

Required:

  • Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent work experience.

  • 5 years of experience in a security operations (SOC) or similar cybersecurity role, with 8 years of overall IT security experience.

  • Familiarity with SIEM platforms (e.g. Splunk, QRadar, LogRhythm, Rapid7, Arctic Wolf).

  • Experience with incident response and forensic tools.

  • Strong understanding of network protocols, operating systems (Linux and Windows), and cloud security principles (AWS, Azure, or GCP).

  • Knowledge of the MITRE ATT&CK framework, NIST standards, and security best practices.

Preferred:

  • Security certifications such as CEH, CompTIA Security+, GIAC, or CISSP.

  • Experience with scripting languages (e.g. Python, PowerShell) for automation.

  • Exposure to threat intelligence platforms and feeds.

  • Knowledge of compliance frameworks (e.g. ISO 27001, SOC 2, HIPAA, GDPR).
