• Experience with SIEM vendors such as QRadar, Sentinel, Splunk
• Incident response and threat hunting expertise
• Strong knowledge of attack patterns and adversary Tactics, Techniques, and Procedures (TTPs)
• Experience in writing procedures, runbooks, and playbooks
• Strong analytical and problem-solving skills
• Hands-on experience with system logs, network traffic analysis, and security tools
• Proficiency in identifying Indicators of Compromise (IOCs) and Advanced Persistent Threats (APTs)
Good-to-Have Skills:
• Experience setting up SIEM solutions and troubleshooting connectivity issues
• Familiarity with security frameworks and best practices
• Ability to collaborate with IT and security teams effectively
Responsibilities:
• Act as an escalation point for high and critical severity security incidents
• Conduct in-depth investigations to assess impact and understand the extent of compromise
• Analyze attack patterns and provide recommendations for security improvements
• Perform proactive threat hunting and log analysis to detect potential threats
• Provide guidance on mitigating risks and improving security hygiene
• Identify gaps in security processes and propose enhancements
• Ensure end-to-end management of security incidents
• Document and update incident response processes and define future outcomes
• Participate in war room discussions, team meetings, and executive briefings
• Train team members on security tools and incident resolution procedures