Conducts threat monitoring and analysis using various threat detection, investigation and response capable tools, such as security information and event management (SIEM) and extended detection and response (XDR) platforms.
Builds and maintains security infrastructure, architecture, and system performance.
Conducts multi-telemetry threat investigations to identify cyber threats originating both inside and outside the organization.
Triages alerts from detection platforms, identifying and filtering out false positives and escalating genuine attacks.
Documents formal, technical incident reports for review by the Director, Cybersecurity and Compliance.
Provides infrastructure teams with incident support, including mitigating actions to contain activity and advisory for remedial actions.
Carries out root cause analysis and investigations to advise on prevention mechanisms and configuration changes.
Works with Threat Intelligence vendors to research emerging threats and exploits to aid in the discovery of incidents.
Maintains knowledge of latest security technologies and mitigations.
Carries out analysis and testing for the purposes of identifying vulnerabilities, misconfigurations or other exposures, and the validation of user policies.
Performs SIEM analysis and ticket handling per service level expectations.
Creates documentation for operational processes.
Is available for on-call rotation and 24x7x365 support as needed.
Requirements
3-5 years of information security monitoring and response or related experience.
Bachelor’s degree in Computer Science, Information Security, Information Systems, or a related field, or equivalent practical experience.
CompTIA CySA+, CompTIA Security+ and/or SANS certifications are a plus.
Experience managing third-party service providers or MSSPs is a plus.