DESCRIPTION

Work in shifts 24/7

· Real-time monitoring (SIEM Splunk)

· Monitoring of security cases received through alerts in security tools.

· Performing level 1 triage of incoming issues (initial determination of incident risk and damage).

· Assessing and prioritizing cases and security incidents.

· Notifying appropriate contacts for security events and response, according to escalation appendix.

· Working on queue according to severity assigned to ticket.

· Escalating issues to Tier II or management when necessary, according to escalation appendix.

· Working closely with the other teams to assess risk and provide recommendations for improving our security posture.

Cyber news collection, analysis, distribution.

· Updating the Knowledgebase.

· Vulnerability assessment using the vulnerability management scan engine.

· Emergency alerts & warnings.

· Closing security incident cases.

REQUIREMENTS

General knowledge of:

· SIEM - Splunk - A Must

· Creating Playbooks

· Network

· Security

· Incident Response

· Cyber threats