Security Information and Event Management (SIEM):
- Manage and operate SIEM systems (Splunk, ELK) for real-time security event monitoring and analysis.
- Create, refine, and maintain SIEM correlation rules to identify potential security incidents.
- Conduct threat hunting activities to proactively identify and mitigate potential security risks.
Endpoint Detection and Response (EDR):
- Manage and utilize EDR solutions (CrowdStrike) for endpoint threat detection, investigation, and response.
- Analyze EDR alerts to identify suspicious activity and potential malware infections.
- Remediate endpoint threats according to established procedures.
ServiceNow/Remedy and SOAR Tools:
- Utilize ticketing systems (ServiceNow/Remedy) to document, track, and manage security incidents.
- Work with SOAR tools to automate incident response workflows and improve efficiency.
Storage Management:
- Manage Network Attached Storage (NAS) devices for secure storage of security data.
Cloud Security:
- Possess a strong understanding of cloud security principles and best practices (Azure/AWS).
Cybersecurity Expertise:
- Demonstrate a deep understanding of adversary tactics, techniques, and procedures (TTPs) across a wide range of cyberattacks.
- Analyze event logs and conduct forensic investigations using tools such as Wireshark, Nmap, and tcpdump.