Performs day-to-day monitoring of information security appliances, including reviewing, analyzing and interpreting cyber-alerts and events from various systems to identify cyber intrusions or data loss; escalates confirmed suspicious events and/or system compromises for review and follow-on escalation for containment, eradication and recovery.
Expertise in working with multiple security technologies and platforms, including SIEMs, IDS/IPS, firewalls, web application firewalls, proxies, etc.
Understanding of attacks, attack vectors and kill chain methodology.
Strong understanding of malware analysis, threat taxonomy and threat indicators
Create and implement standard operating procedures and processes to streamline investigations, daily monitoring and analysis research, ensuring all analysts are effective and follow the same guidelines.
Keep abreast of emerging cyber threats and vulnerabilities to maintain situational awareness and apply lessons learned to current procedures.
Monitor information feeds and threat actor activity to identify activity levels and indicators of cyber threats and cyber attacks.
Evaluate and incorporate new feeds, and enrich existing threat intelligence by adding contextual information.
Provide threat intelligence specific to business, function, technology, or event.
Experience, Education, Training and/or Certification:
7+ years in Information Security.
Security certification(s) and/or official training, such as CEH, CISSP or similar, preferred.
Mandatory knowledge of SIEM (ArcSight/QRadar).