Key Responsibilities And Accountabilities
- Investigate and resolve escalated advanced security incidents
- Collect forensic data, analyze root causes, restore systems, and lead containment, eradication, and recovery
- Conduct post-incident reviews to identify and fix gaps
- Mentor L1 analysts on investigations, escalation, and threat mitigation
- Lead SOC knowledge sharing and review escalated cases for proper triage and analysis
- Collaborate with IT, engineering, and compliance to improve workflows and response plans
- Develop training materials and maintain SOC knowledge base aligned with best practices
- Tune detection tools to improve accuracy and reduce false positives
- Manage complex tuning requests and refine detection logic
- Conduct threat hunting on hosts, domains, and networks
- Use threat intelligence to identify and counter emerging threats
- Develop detection rules for network and host threats
- Expand coverage using IOAs (Indicators of Attack) and IOCs (Indicators of Compromise)
- Manage SIEM, EDR, XDR, scanners, firewalls, and email gateways
- Stay updated on threats and mitigation strategies
- Participate in red/blue team exercises
- Create detailed reports on incidents, threats, and SOC performance
- Present briefings to stakeholders
- Ensure documentation is thorough and shared
- Maintain 24/7 SOC readiness
- Escalate complex events, guide junior analysts, and improve workflows and detection
Generating Apply Link...
.png)
