Security Engineer (Detection & Response)

Manila, Philippines
Full-time · Mid-level · Food delivery

Tech Stack

Description

You will be responsible for improving the Security Logging and Monitoring Program by maturing tools, processes, and playbooks to reduce dwell time. You'll handle SOC monitoring, incident triage, and response using cloud-native SIEM platforms across AWS and enterprise IT environments.

Requirements

  • Minimum 2 years experience in mature SOC environments
  • Security monitoring and incident response in AWS cloud
  • Experience with cloud SIEM/SOAR platforms, DDoS mitigation, Layer-7 web security controls
  • Understanding of network intrusion methods, containment, IDS/IPS, sandboxes
  • Ability to operate EDR, EPP, Device Management solutions; decent programming skills

Responsibilities

  • SOC monitoring, use-case building, triage and advisory using cloud-native SIEM platforms
  • Initial triage of security events and incident documentation throughout Incident Response Lifecycle
  • Automate and operate security solutions: EDR/EPP, Firewalls, IDS/IPS, Email Security, VPN, MDM
  • Leverage threat intel feeds to sweep environments against APT campaigns
  • Prepare status reports and follow up with stakeholders via Jira and Incident Management platform