1. Ensure that all log sources are reporting to the SIEM platform to maintain the availability of the logs.
2. Ensure all the integrated assets are reporting to their relevant solution (such as Data Activity Monitor, File Integrity Monitor, or Firewall Monitor)
3. Monitor the health of the log sources to make sure the log sources are sending proper logs that are used to identify incidents for reporting, detecting incidents, and/or contextual data.
4. Implement use cases over different SOC technologies as required by the Security Intel team to identify incidents.
5. Generate reports as required by SOC management teams to be presented to the management in alignment with the governance document to be used in further data analysis.
6. Create dashboards & periodical reports to ensure that all the integrations are functional and in healthy posture.
7. Manage the SOC solutions/products solutions' by measuring, and configuring the performance & capacity planning to maintain the effectiveness of the SOC technologies stack.
8. Work with systems owners to establish SIEM technology to meet the strategic goals of identifying security incidents by defining Use Cases and Technical administration of the SIEM software platform.
9. Modify configuration files to achieve full integrations with different log sources to maintain the correlation effectiveness of the SIEM solution.
10. Deploy and Develop customized and non-customized SIEM connectors for supported and unsupported SOC log sources.
11. Follow all relevant department policies, processes, standard operating procedures, and instructions so that work is carried out in a controlled and consistent manner.
12. Follow the day-to-day operations related to own jobs in the department to ensure continuity of work.
اطلب مساعدة الخبراء لكتابة سيرة ذاتية مميزة.