SOC - Technical

Security Analyst - EDR-L1

Mumbai, Maharashtra
Work Type: Full Time

Monitoring security incidents 24/7 from various SOC entry channels such as SIEM, shared email, IDS, IPS and firewall.

• Analysing and investigating security events from various sources.

• Following SOP for examining security alerts and PICERL for evaluating incidents.

• Performing deep-dive analysis, dedicated evaluation for escalated alerts.

• Creating a case in the ticketing tool if a valid security incident is found and assigning it to the respective team.

• Assisting in remediation planning after a security incident has occurred.

• Working with different clients and their security applications.

• Monitoring the health and performance of various security tools consistently.

• Submitting reports to the next shift so it can follow up on raised incidents, i.e. shift handover.

• Taking immediate action on indicators of compromise (IoCs): blocking hash values, blacklisted IPs and domains on the respective security devices.

• Email header analysis of spam, spoofed and phishing emails using OSINT platforms.

• Firewall and log analysis.

Should have extensive experience with EDR and proxy (Bluecoat/Zscaler).
