Education: Bachelor's degree desirable in information technology, Information Security, or relevant field.
Applicable security certification a plus (CISSP, GCIH, GSOC, etc.)
Experience: At least 2 years of experience in Security Operations.

Summary of Duties and Responsibilities:
Monitor and respond to alerts from key security technologies and other internal sources.
Tune alerts, processing rules, maintenance jobs, etc. to minimize false positives and noise while ensuring relevant security information is captured and highlighted.
Develop and implement new relevant detections within the company SIEM.
Develop or improve automation playbooks.
Research emerging threats, evaluate their likelihood of occurrence, and recommend controls to mitigate them.
Communicate ongoing investigations clearly and in a timely manner.
Create and update incident response playbooks and other security operations documentation as needed.
Interface with technical personnel and other teams as required.
Track relevant KRIs and KPIs to measure program effectiveness.
Participate in the on-call rotation for evening and weekend coverage.

Qualifications:
Experience conducting investigations from triage to closure.
Experience with SIEM products, EDR, NGAV/EDR, SASE/Web Gateways, firewalls, network devices, and intrusion detection/prevention systems.
Capable of working independently and collaboratively.
Familiarity with the OSI Model and networking fundamentals.
Strong analytical, problem-solving, and critical thinking skills.
Excellent verbal and written communication skills.

Skills, Specialized Knowledge (Desired):
Experience with scripting (PowerShell, Python, JavaScript).
Familiarity with NIST CSF, ISO 27001, and other security standards.
Experience querying Splunk (Search Processing Language, SPL).
English: at least B2 level.