SOC Engineer

Warsaw, Masovian Voivodeship - Hybrid

Keywords

Splunk, Cloud Computing, Research, Amazon Web Services, Customer Relationship Management, Computer Networks, Databases, Linux, Incident Response, Forensics Tools (Digital Forensics Software), Security Engineering, Infrastructure Management, Requirements Analysis, Security, Managing, Situation Analysis, Root Cause Analysis, Firewalls (Computer Science), Cybercrime, Safety Principles

Description

Responsibilities

* Analyze network traffic to identify malicious activity or compromised systems and prevent successful attacks
* Collaborate within the team, and with the security engineering and detection engineering teams, to improve existing detections and build new tailored ones
* Properly analyze alerts and be able to distinguish between an investigation and an incident
* Keep up to date on modern attack techniques and continually integrate that knowledge into new detections
* Contribute to playbooks and use cases to protect our cloud
* Build relationships with the other technical teams across our engineering and infrastructure functions
* Perform root cause analysis on incidents
* Maintain situational awareness of cyber threats across the global firm and take action where necessary
* Work through incident response engagements, from containing security incidents to remediation
* Work mostly independently, translating guidance and direction from management into the best approach to accomplish the work
* Solve moderately complex problems
* Investigate data breaches and malicious activity using forensics tools; analyze Windows and Linux systems in cloud environments to identify Indicators of Compromise (IOCs); examine firewall, web, database, and other log sources to identify evidence of malicious activity
* Track emerging security practices and contribute to building internal processes and our various products
* Be able to respond to incidents with minimal guidance
* Have a detailed understanding of Splunk and AWS
* Good to advanced understanding of Splunk, including alert creation and writing signatures
* Experience using Splunk to develop, maintain, and tune alerts
* Experience with cloud environments or technologies
* Proven knowledge and understanding of security incident types, Indicators of Compromise (IOCs), Indicators of Attack (IOAs), and tools, tactics, and procedures (TTPs)
* Experience responding to incidents and alerts
Start date: ASAP
Workload: 100% (5 days per week)
Duration: 6 months (extension possible)
Published at: 12.04.2024
Contact person: Kasturi Sinha
Project ID: 2738677
Industry: Telecommunications
Contract type: Freelance
Workplace: 60 % remote