Education: Applicable security certification a plus (CISSP, GCIH, GSOC, etc.)
Skills, Specialized Knowledge (Desired):
Experience with scripting (PowerShell, Python, JavaScript)
Familiarity with NIST CSF, ISO 27001, and other security standards
Experience querying Splunk (Search Processing Language, SPL)
English: at least B2 level

Qualifications:
Familiarity with SIEM products, EDR, NGAV/EDR, SASE/Web Gateways, firewalls, network devices, and intrusion detection/prevention systems
Capable of working independently and collaboratively
Familiarity with networking fundamentals
Strong analytical, problem-solving, and critical thinking skills
Excellent verbal and written communication skills

Summary of Duties and Responsibilities:
Monitor and respond to alerts from key security technologies and other internal sources.
Tune alerts, processing rules, maintenance jobs, etc. to minimize false positives and noise while ensuring relevant security information is captured and highlighted.
Develop and implement new relevant detections within company SIEM.
Develop or improve automation playbooks.
Research emerging threats, evaluate their likelihood of occurrence, and recommend controls to mitigate them.
Communicate ongoing investigations clearly and in a timely manner.
Create and update incident response playbooks and other security operations documentation as needed.
Interface with technical personnel and other teams as required.
Track relevant KRIs and KPIs to measure program effectiveness.
Participate in on-call rotation for evening and weekend coverage.