Requirements

• Continuously monitor SIEM platforms, firewalls (e.g., Palo Alto, Cisco), IDS/IPS, and endpoint protection systems (e.g., CrowdStrike, SentinelOne) to identify anomalous activities and potential breaches.
• Prioritize and triage security alerts based on severity, utilizing frameworks like MITRE ATT&CK to assess attacker tactics and techniques.
• Conduct forensic analysis of phishing campaigns, malware infections (e.g., ransomware, trojans), and unauthorized access attempts.
• Perform deep-dive log correlation across network devices, servers, and applications to trace attack vectors and contain incidents.
• Execute predefined playbooks for escalation, evidence collection, and post-incident reporting.
• Partner with threat intelligence teams to identify emerging vulnerabilities and refine detection rules.
• Support vulnerability assessments and threat-hunting missions to proactively identify weak points in client environments.
• Document incident timelines, root causes, and remediation steps in SOC case management systems.