Analyze potential infrastructure security incidents to determine whether an incident qualifies as a genuine security breach
Perform network incident investigations, determining the cause of the security incident and preserving evidence (with chain of custody maintained) for potential legal action
Interface with technical personnel and other teams as required
Produce security incident reports and briefings for distribution to the team lead and manager
Monitor devices for potential threats
Initiate the escalation procedure to counter potential threats and vulnerabilities
Appropriately inform and advise management on incidents and incident prevention
Implement continuous improvement measures on a daily basis
Identify, assess, and resolve complex issues/problems within own area of responsibility
Provide incident remediation and prevention documentation
Participate in knowledge sharing with other analysts and develop solutions efficiently
Good understanding of Security Information and Event Management (SIEM) concepts and hands-on experience with products such as HP ArcSight, Splunk Enterprise Security (ES), IBM QRadar and related products
Security device installation, configuration and troubleshooting (e.g., firewalls, IDS)
Basic level of expertise in UNIX, Linux and Windows operating systems
Exploit and detection analysis skills, including ability to analyze logs for useful information and patterns
Ability to manipulate and present data
Good understanding of and experience with infrastructure security, risk assessment and SIEM, including how infrastructure security affects security operations, vulnerability management, reporting, analytics and monitoring
Experience working in diverse virtualized environments, including AWS and Azure
Development and maintenance of administrative tooling
Certifications such as CCNA, CCSP, Security+, ITIL and GIAC GCIA are desirable
Advanced vendor certifications for SIEM products such as HP ArcSight or Splunk are desirable