Analyze threat information gathered from logs, Intrusion Detection Systems (IDS), intelligence reports, vendor sites, and a variety of other sources, and recommend rules and other process changes to protect against the same.
Ensure that you are implementing best-practice security policies that address the client's business needs while protecting vital corporate assets.
Support customer IT administrators and cybersecurity personnel to ensure successful incident response practices and business system recovery.
Manage work with incident response and detection teams to identify and recommend new internal and external data sources for developing additional threat detection logic.
Formulate how information security analysts perform investigations on security alerts and monitor all security tools used to secure the environment.
Standardize reactive incident management so that it acts with a sense of urgency to minimise business impact, with clear stakeholder communication throughout.
Configure and operationalize cybersecurity tool data feeds, creating reports to show vulnerability and configuration compliance scan and remediation results.
Steer and conduct detailed reviews of cyber investigation reports and the case management system to assess data/content quality, supporting evidence, and the appropriateness of case outcomes.
Collect functional and technical requirements from stakeholders to perform business analysis for current and future use cases.
Oversee and proactively review false positives, and work with the various security teams to tune alerts and provide feedback that improves their accuracy.
Advise and consult on options, improvements, cost-saving opportunities and cross-project impact on other business processes and system priorities.
Guide IT infrastructure, IT applications, IT security, and other functional areas, providing a risk-based and solution-focused perspective on security matters.
Provide regular feedback, guidance and consultation to cyber investigative staff, offering direction and expertise to further an investigation.
Guide the architecture of efficient and effective workflow and reporting solutions for capturing, validating, and approving risk activities.
Supervise, motivate and develop a team of high-performing cyber investigators through mentorship, clear expectations and training.
Troubleshoot complex issues and provide incident resolution for all related incidents requiring escalated support or subject matter expertise.
Manage the balancing of service, people, change and cost in the delivery of your strategic plan and day to day operations for area of responsibility (where appropriate).
Orchestrate a group of individuals whose collective mission is to investigate information security risks to, or wrongdoing against, your firm.
Perform threat hunting activities in the client network through proactive analysis of log, network and system data to identify undetected threats.
Contribute to the development of effective, efficient and repeatable processes to improve the operations of the SOC and value to clients.
Ensure you lead the creation and/or maintenance of policies, security metrics, standards, baselines, and guidelines.
Confirm your organization directs and controls activities for a client, having overall responsibility for financial management, methods, and staffing to ensure that technical requirements are met.
Be accountable for maintaining a working knowledge of network access control, intrusion prevention and detection systems, firewalls, routers, incident response, information security methods, and risk management.
Ensure you create and lead collaboration efforts with internal and external IT service providers and business units in evaluating and gathering technical requirements for business clients' information security initiatives.
Operationalize indicators of compromise from intelligence feeds by developing, testing, and deploying monitoring and alerting rules in the SIEM.
Be knowledgeable of network and security architecture principles, firewall and IDS/IPS fundamentals, endpoint security systems and other security protective/detective systems.