RESPONSIBILITIES:
Monitor alerts across the security stack and provide an advanced detection and response service through security event analysis and review.
Perform incident response and basic malware analysis to investigate incidents.
Help guide staff from incident response triage into the incident response process if findings are substantiated.
Work with senior security engineers and analysts to fine-tune the security systems, removing false positive alarms.
Maintain current knowledge of tools and best practices in forensics and incident response, and develop an understanding of advanced persistent threats, including the tools, techniques, and procedures of attackers.
Lead the security vulnerability management program, recommending best practices and solutions to address vulnerabilities and secure hosts, applications, databases, and network technologies.
Strengthen security operations monitoring by extracting data from threat intelligence and developing an understanding of adversary TTPs.
Monitor the performance of security solutions to identify and escalate breaches and potential intrusion incidents.
Monitor security logs and alerts from various sources, including intrusion detection systems, Endpoint Detection and Response (EDR) systems, and security information and event management (SIEM) tools.
Investigate and analyze security incidents, identify root causes, and develop appropriate mitigation strategies.
Execute security response actions, including full remote remediation of endpoints.
Perform threat hunting and proactive analysis to identify potential security risks and vulnerabilities.
Implement security frameworks, including CIS Benchmarks and the ASD Essential 8, on systems.
Handle cyber security incidents in conjunction with the existing service providers from detection through to completion, including maintaining incident response documentation, post-mortem root cause analysis, writing incident reports, and providing lessons learned and required enhancements.

TECHNICAL PROFICIENCY:
One of the following certifications: CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), or CCISO (Certified Chief Information Security Officer).
Technical understanding of digital forensics and incident response in accordance with NIST standards.
Experience working on and designing solutions that meet compliance standards for NIST, ISO, CMMC, PCI, and DOD regulatory controls.
Advanced proficiency with Microsoft Office products, including Word, Outlook, PowerPoint, and Excel.