SOC Analysis

• Monitor security alerts and events from various sources (e.g., SIEM, firewalls, IDS/IPS, endpoint protection).
• Analyze and investigate security incidents to determine their severity and impact.
• Respond to security incidents, including containment, eradication, and recovery actions.
• Perform threat intelligence analysis to identify potential threats and vulnerabilities.
• Conduct root cause analysis and provide recommendations to prevent future incidents.
• Collaborate with other IT and security teams to enhance threat detection and response capabilities.
• Maintain and update incident response playbooks and procedures.
• Generate security reports and provide insights to management and stakeholders.
• Participate in continuous improvement activities for SOC processes and tools.

SIEM Administrator

• Install, configure, and maintain the SIEM platform, ensuring optimal performance and availability.
• Integrate various log sources, including firewalls, IDS/IPS, servers, and applications, into the SIEM.
• Develop and fine-tune correlation rules, alerts, and dashboards for effective threat detection.
• Monitor and troubleshoot SIEM infrastructure issues, ensuring system health and stability.
• Perform regular updates, patches, and upgrades to maintain security and functionality.
• Collaborate with SOC analysts and incident response teams to optimize alerting and investigation processes.
• Generate custom reports and provide insights on security events and incidents.
• Ensure compliance with regulatory requirements and security policies through proper log retention and management.
• Conduct regular system audits and performance assessments to identify and resolve issues.
• Provide training and support to SOC team members on SIEM functionalities and usage.