Analyze potential infrastructure security incidents to determine whether an incident qualifies as a legitimate security breach
Perform network incident investigations, determining the cause of the security incident and preserving evidence for potential legal action
Interface with technical personnel and other teams as required
Make recommendations on the appropriate corrective action for incidents
Configure and manage Infrastructure Security and SIEM solutions.
Design, develop and create correlation rules within the Security Information and Event Management (SIEM) platform
Monitor devices and correlation tools for potential threats
Initiate escalation procedure to counteract potential threats/vulnerabilities
Experience building and maintaining security incident correlation content (hands-on)
Experience with reverse engineering tools and techniques as they pertain to network traffic collection and analysis
Operational knowledge of system and network security engineering best practices and architecture
Willingness to engage hands-on from inception through completion and audit of SIEM deployments
Provide guidance and insight, as well as follow directives as necessary, to complete accelerated deployment of the SIEM platforms
Capable and willing to integrate multiple production security controls into the SIEM platform
Appropriately inform and advise management on incidents and incident prevention
Encourages and implements continuous improvement measures on a day-to-day basis
Leverages extensive knowledge of communications in a manner that provides business value to the IT Organization
Required to identify, assess, and resolve complex issues/problems within own area of responsibility
Provide incident remediation and prevention documentation
Document and conform to processes related to security monitoring
Participate in knowledge sharing with other analysts and develop solutions efficiently
Coordinate or participate in individual or team projects
Write technical articles for internal knowledge base
Provide performance metrics as necessary
Develop and optimize technical processes and coordinate procedure documentation.
Security device installations, configuration and troubleshooting (e.g., firewall, IDS, etc.)
Hands-on experience supporting AWS and Azure assets, especially supporting Splunk deployments in AWS and Splunk ES as a service
Experience deploying different types of forwarders and apps
Deep knowledge in AWS services and serverless architecture
Expertise in UNIX, Linux, and Windows - able to tear down and rebuild a host system
Experience with database installation and configuration is required; Oracle experience is a plus
Exploit and detection analysis skills, including ability to analyze logs for useful information and patterns
Install, configure, tune, and maintain the Splunk SIEM components
Primarily focus on content creation for advanced threat analysis (rules, variables, trending, watch lists, etc.) of incoming data and for self-monitoring of the solution itself.
Perform supporting tasks such as system hardening, high availability configurations, and developing backup strategies.
Assist with the creation of detailed deployments plans, architectural drawings and operation manuals.
Assist with event source auditing configurations, integration with various security platforms, network devices, and systems
Expert in developing regular expressions (regex)
Good understanding of Infrastructure Security and its impact on Security Operations, Vulnerabilities, Reporting, Analytics and Monitoring.
Good understanding of and experience with Infrastructure Security, risk assessment, and Security Information and Event Management.
A solid understanding of frameworks such as ISO 27001/27002 and COBIT, and of other relevant compliance requirements such as PCI, HIPAA, SOX, and FISMA that apply to Security Information and Event Management.