Advanced Analytics:
– Design, develop, and refine detection rules and use cases for SIEM platforms (e.g., Sentinel and ArcSight).
– Create and maintain advanced security detection capabilities for both network and endpoint environments.
– Continuously improve the SOC’s detection framework, ensuring that emerging threats are accurately identified and mitigated.
– Research and analyze external and internal threat intelligence sources to understand threat actor tactics, techniques, and procedures (TTPs).
– Develop actionable threat intelligence reports and integrate them into the organization’s detection and response processes.
– Utilize threat intelligence platforms and data feeds to enhance detection capabilities and provide proactive defense mechanisms.
– Identify key threat indicators and correlate threat data with security events to identify potential risks and breaches.
– Lead investigations into security incidents, providing detailed analysis of threats and their impact on the organization.
– Develop detailed reports on incidents and make recommendations for remediation and further detection improvements.
– Conduct post-incident analysis to identify gaps in detection and response, and implement improvements based on lessons learned.
– Proactively hunt for threats by analyzing network traffic, system logs, and endpoint data.
– Identify hidden or anomalous activities that could indicate advanced persistent threats (APTs) or other sophisticated attacks.
– Leverage automation and orchestration to streamline security operations and response.
– Continuously evaluate and implement new security technologies and methodologies to improve detection, intelligence integration, and overall defense.
– Develop and present reports on threat intelligence trends, detection engineering activities, and incident response findings to stakeholders.
– Stay current with cybersecurity trends, vulnerabilities, and emerging attack techniques.