Responsibilities:
Manage and support the log collection, security scanning, intrusion detection, proxy, mail gateway and other security technologies.
Perform malware analysis.
Review and triage security alerts, provide analysis, suggest remediation and track remediation to closure.
Support the resolution of security incidents.
Support Security Information and Event Management (SIEM) solutions.
Support integration of the SIEM with various devices.
Investigate and respond to security incidents.
Monitor networks and systems for potential threats.
Participate in emergency SOC calls arising from 24x7 SOC monitoring.
Investigate incidents using the SIEM, packet captures, reports, data visualization and memory analysis tools.
Respond to incidents by collecting, analyzing and preserving digital evidence to assist the incident responders in remediating critical information security incidents.
Integrate threat intelligence feeds into the monitoring platforms.
Respond to alerts from the various monitoring and detection systems and platforms within defined SLAs.
Improve and challenge existing processes and procedures in a very agile, fast-moving information security environment.

Requirements:
Knowledge of network data flows, ports, protocols and other network and application services/technologies.
Implementation knowledge of SIEM technology (IBM, HP, LogRhythm), vulnerability management tools (Nessus, Qualys), EDR, SOAR, etc.
Knowledge of the information security life cycle, policies, processes and standards.
Ability to write technical documentation and present technical briefings to diverse audiences.
Strong understanding of the threat landscape: the tools, tactics and techniques of threat actors employing both commodity and custom malware.
Current knowledge of security threat intelligence and recent attack vectors.
Strong forensic analysis skills.