Job Description
Key Responsibilities
• Work collaboratively with Account Manager
• Track incident detection and closure
• Act as subject matter expert and expert witness where required
• Generate new use cases for emerging threats
• Conduct incident response coordination with customer
• Validate security incidents
• Conduct audits of logging and correlation
• Conduct monthly security use case review and correlation audits
• Escalation management
• Ensure process and SLA compliance
• Ensure the quality of investigations and notifications, and direct L2 and L1 analysts accordingly
• Report deviations to SOC manager and L3
• Perform deep analysis of security incidents to identify the full kill chain
• Set up weekly meeting to review the weekly reports with the client
• Respond to clients’ requests, concerns and suggestions
• Follow up with the client on recommendations to contain an incident or mitigate a threat
• Respond to incident escalations and provide solid recommendations
• Update aging incidents and requests
• Track SOC performance in terms of SLAs and incident quality
• Conduct threat hunting exercises on SIEM and EDR platforms
• Perform quarterly evaluation for L1 and L2 analysts and report feedback to SI management
Essential Skills
• Experience with Security Information Event Management (SIEM) tools
• Good understanding of SIEM correlation rules
• Expertise in TCP/IP network traffic and event log analysis
• Knowledge and hands-on experience with any SIEM tool, e.g. Splunk
• Knowledge and hands-on experience with any EDR tool, e.g. CrowdStrike, MS
• Good understanding of cloud services, e.g. AWS GuardDuty, AWS CloudTrail, AWS CloudWatch, etc.
• Good understanding of system hardening, and Vulnerability Assessments