Monitor client environments using SIEM platforms to detect, triage, and respond to cybersecurity threats in accordance with agreed SOPs and industry best practices
Analyse and investigate security alerts; perform deep-dive log analysis across system and OS layers to establish baselines and identify anomalous behaviour
Map threat tactics, techniques, and procedures (TTPs) to the MITRE ATT&CK framework and construct plausible attack-path hypotheses to inform containment actions
Produce escalation reports and notes; manage triage workflow and identify improvements to automation playbooks
Conduct IOC-based reactive threat hunts against limited TTPs
Operate SIEM, SOAR, EDR, and wider security tooling within the scope of the service engagement
Perform indicator of compromise (IOC) searches and triage incoming threat intelligence to assess relevance to client assets