Summary of the Role:
The SIEM Analyst is responsible for security analysis, incident classification and incident response actions, including notification and alerting. The analyst monitors for possible security incidents, using knowledge of attack types and standard protocol behaviour to classify incidents, comment on them, and advise the client on mitigation or remedial actions.
As a SIEM analyst, you will also act as the technical escalation point during security incidents: establishing the extent of an attack and its business impact, advising on how best to contain the incident, and recommending systems hardening and mitigation measures to prevent a recurrence.
General Duties and Objectives
- Perform daily system monitoring and review of log data on the SIEM: build searches, check for alarms, drill down through log sources, and identify relevant event logs, events and alerts.
- Run phishing campaign emails.
- Check suspicious attachments or emails reported by employees.
- Check and resolve basic antivirus alerts.
- Develop and maintain installation and configuration procedures.
- Assist in repairing and recovering from hardware or software failures.
About the Ideal Candidate
- 4-6 years of experience analyzing malicious traffic and building detections
- 4-6 years of experience in applications security, network security, systems security
- Hands-on knowledge of programming languages such as Python
- Customer-facing platform implementation experience, including use case development, assessment, planning, execution, and operations
- Sound technical knowledge of SIEM platform components and applications
- Experience with the expected tools and technologies: SIEM, UEBA, NTA, EDR, AV/AM, SOAR