Advanced Incident Response & Escalation : Act as the Tier 2 Escalation Point for all validated threats filtered by the L1 team. Conduct deep-dive forensic analysis on endpoints, memory, and network traffic to identify root causes. Lead containment and eradication efforts for multi-stage attacks (e.g., ransomware, business email compromise). Maintain up-to-date awareness of the current threat landscape, including malware, phishing attacks, and APTs. Create/review/modify documentation as needed to ensure processes and procedures are standard and up to date. Produce daily/weekly/monthly SOC reports. Define, create, and maintain SIEM correlation rules, customer build documents, security processes and procedures.
Threat Hunting & Detection Engineering : Proactively hunt for stealthy threats that bypass automated controls using the MITRE ATT&CK framework. Develop and deploy custom SIEM correlation rules and EDR queries to detect adv...