Requirements:
Monitor security events and perform incident response and documentation.
Automate the Tier 1 incident response process.
Regularly review the SIEM rule base, tune existing rules, and create new rules based on trending attack techniques.
Threat hunting: search for suspicious activity and existing threats in scopes not covered by routine monitoring.
Vulnerability management: generate reports from vulnerability scanning tools and collaborate with stakeholders to ensure remediation progress.
Generate reports for IT administrators, business managers, and security leaders to evaluate the effectiveness of security policies.
Advise on and implement the changes required to counter an attack or improve security standards.
Document incidents to contribute to incident response and disaster recovery plans.
Perform internal and external security audits.
Cybersecurity course or certification.
Experience in similar SIEM/SOC roles (MSSP, on-prem SOC, IR team).
Proven experience with SIEM (Rules, Parsing, Correlation, Investigation) – MUST.
Proven experience with Palo Alto XSOAR (playbook implementation) – MUST.
Proven experience with Threat Hunting – MUST.
Familiarity with methodologies such as the Cyber Kill Chain and MITRE ATT&CK – MUST.
Experience with multi-cloud platforms (Azure, AWS) – Advantage.
Experience with EDR systems (CrowdStrike) – Advantage.
Strong knowledge of TCP/IP networking, network protocols, Active Directory, and file permissions.
Experience with network and security systems (network devices, security devices, endpoint devices, EDR, firewalls).
Experience with writing incident response reports.
OS fundamentals: Windows, Linux, macOS – Advantage.
Scripting: PowerShell, Python – Advantage.
Languages and data formats: Regex, JSON, XML – Advantage.