Security Monitoring - Responsible for the security monitoring and reporting of IT system resources; Responding to and investigating incidents identified by SOC; Defining the activities that are logged and monitored to detect abnormal or unusual activity that may need to be investigated; Providing 24x7 CSIRT response; Preparing management reports; Managing, maintaining, and updating supporting Security Monitoring technologies; Working with technology owners to ensure successful delivery and security of audit/log data.
-Analyze security data including intrusion detection system (IDS) events, system logs, firewall logs, and network traffic analysis in response to security events and incidents;
-Implement new technologies / processes to support Information Security intrusion detection activities;
-Monitor security intelligence feeds and analyze impact to system infrastructure.
Intrusion Detection - Consult/Assist in the monitoring of network and host security infrastructure; Consult/Assist in the performance of impact assessments and validation of attacks (successful/unsuccessful) against the IT infrastructure; Assist in the design, deployment, and configuration of countermeasures as appropriate; Review/identify current vulnerabilities, attacks, and appropriate countermeasures; Interface with other technology owners to ensure proper detection of potential security issues.
-Understand business impact of security incidents and recommend corrective or preventative action.
Vulnerability Management - Collect vulnerability and threat information from vendors, researchers, and other sources; Perform correlation of threat/vulnerability sources to provide recommendations on potential actions and an assessment of overall security threat posture.
Incident Management - Conduct Information Security Investigations/Forensics analysis; Participate in Computer Security Incident Response teams.
-Collect, preserve, and analyze computer evidence in support of Information Security investigations / Incident Response process.