Monitor, analyze, and interpret security/system logs for events, operational irregularities, and potential incidents, and escalate issues as appropriate
Responsible for monitoring, detection of analysis through various input tools and systems (SIEM, IDS / IPS, Firewalls, EDR, etc.)
Conduct basic red team exercises to test the effectiveness of preventive and monitoring controls
Provides support for complex system/network exploitation and defense techniques to include deterring, identifying, and investigating system and network intrusions
Support malware analysis, host and network, log analysis, and triage in support of incident response
Maintaining and improving the security technologies deployed, including creating use cases, customizing or better configuring the tools based on past and current threats