Improves the effectiveness and efficiency of the Security Operations Center (SOC) by leading initiatives that enhance security orchestration, automation, and response (SOAR).
Develops and maintains standard operating procedures (SOPs) and runbooks for incident detection, analysis, and response processes.
Monitors log and event output from multiple information security tools including but not limited to SIEMs, firewalls, intrusion prevention systems, secure web gateways, security email gateways, threat intelligence platforms, antivirus products, vulnerability scanners and user behavior analytics platforms.
Trains and coaches SOC L1 analysts through security awareness training and exercises on best practices for cybersecurity hygiene and incident response.
Performs routine but critical information security technology tasks including but not limited to IPS signature review and testing, firewall rule...