Monitor various security tools to identify potential incidents, network intrusions, malware events, and similar activity, ensuring that the confidentiality, integrity, and availability of the company's architecture and information systems are protected.
Generate trouble tickets and perform initial validation and triage to determine whether incidents are security events using open-source intelligence (OSINT).
Review and analyze log files to report any unusual or suspect activities.
Utilize incident response use-case workflows to follow established and repeatable processes for triaging and escalating.
Follow established incident response procedures to ensure proper escalation, analysis, and resolution of security incidents.
Analyze and correlate incident event data to develop a preliminary root cause and a corresponding remediation strategy.
Provide technical support for new detection capabilities, recommendations to improve upon existing tool...