1. Detect, classify, and report incidents to either escalate to the triage team or close the event to ensure the root cause of the incident.
2. Identify security risks and communicate escalations throughout the incidents per the Security Operations Center (SOC) processes.
3. Communicate directly with data asset owners and business response plan owners during high severity incidents to maintain the integrity of the Investigation.
4. Perform analysis of log files to investigate the events to identify the root cause of the incident.
5. Recommend tuning Security Information & Event Management (SIEM) filters and correlation rules to continuously improve monitoring and detection.
6. Create monitoring dashboards to ensure real time awareness of security.
7. Generate reports required for audit and compliance requirements and required SOC governance reports.
8. Participate in evaluating and recommending security solutions to ensure catering for logging and monitoring requirements in any system to fulfil SOC core objectives.
9. Monitor all log sources heart beat and report/investigate issues to ensure maintaining healthy logs to avoid any failure of data collection and impacting the core SOC monitoring function.
10. Follow all relevant department policies, processes, standard operating procedures and instructions so that work is carried out in a controlled and consistent manner.
11. Follow the day-to-day operations related to own jobs in the department to ensure continuity of work.
اطلب مساعدة الخبراء لكتابة سيرة ذاتية مميزة.