- Respond to both security incidents and events logged by IT teams, staff members, monitoring tools and security partners
- Actively tune alert logic where needed in the various security systems to reduce noise, optimize visibility, and reduce cognitive load as well as overnight call volume. This includes, but is not limited to, Splunk SPL rules, PagerDuty Event Rules, Cylance Optics, Darktrace and MCAS alerts, etc.
- Support the investigation, configuration, management and enhancement of security ops technologies. This will include hands-on management of the following technologies: Cylance endpoint protection, Proofpoint mail gateway, PaloAlto IDS, DarkTrace, Splunk event management solution, Tenable IO, and O365 security & compliance event management portal
- Participate in and support 24 by 7 pager on-call rotation for security event management
- Participate and influence the development and refinement of Incident Response Playbooks
- Continuously share knowledge with the team and mentor less senior analysts
- Develop and deliver formal documentation of security operations/process in support and management of InfoSec Core technologies.
- May participate in POCs and assist in implementation and deployment of new technologies.
- Work with IT teams to develop formal processes where support of security technologies is decentralized.
- Investigate and recommend opportunities for proactive identification of threats to the systems (i.e. threat hunting).
- Research newly discovered vulnerabilities (e.g. zero days, system alerts, critical vulnerability alerts) and investigate risk to the systems, mitigation strategies and opportunities to reduce residual risk to systems.
- Investigate ways to automate response to day-to-day security event management processes and provide recommendations for improvements.