Proven experience with microsoft security tools (e.gM365, cloud app security, azure, defender for endpoints, azure security, azure sentinel and xdr Mcse, ccna, gcih, ceh, gcfa or any sans certification Programming skills (python, ruby, php, c, c#, java, perl, and more) Knowledge of email security, network monitoring, and incident response Knowledge of at least one edr solution (redcloak, atp, sentinelone, crowdstrike) Proven knowledge of monitoring aws environment (iaas,saas, paas)ĭeep knowledge of siem tools like splunk, qradar, arcsight, azure sentinel, elk stack Knowledge of transmission control protocol / internet protocol (tcp/ip) protocolsĭeep knowledge of with microsoft security tools (e.gM365, cloud app security, azure, defender for endpoints, azure security, azure sentinel and xdrĭeep knowledge of cloud technologies (e.gAzure, aws and gcp) Integrate and share information with other analysts and other teamsĭetermines remediation and recovery efforts. Responsible for working in a 24x7 security operation centre (soc) environment Open tickets and assigning them to tier ii or other security operation teams after eliminating false positives Manages and configures security monitoring tools Run vulnerability scans and reviews vulnerability assessment reports. Review security events that are populated in a security information and event management (siem) systemĪnalyse a variety of network and host-based security appliance logs (firewalls, nids, hids, sys logs, etc.) to determine the correct remediation actions and escalation paths for each incidentįollows precise analytical paths to determine the nature and extent of problems being reported by tools, e-mails, alerts, etc. Monitor and investigate alerts leveraging edr solutions
Monitor and triage aws security events and detections Monitor and investigate alerts using microsoft security tools (e.gM365, cloud app security, azure, defender for endpoints, azure security, azure sentinel and xdr
Participates in a team of security operations engineers investigating alerts, anomalies, errors, intrusions, malware, etcTo identify the responsible, determine remediation, and recommend security improvements Under the direct supervision of lead, cyber security operations within the close collaboration with the information security services team members in clients and projects to perform the following duties:
0 kommentar(er)
