Aug 2022 – Jul 2024 · 1 yr 11 mos · On-site

• SIEM Monitoring and Analysis: Oversee general SIEM monitoring, analysis, and maintenance, including the delivery of comprehensive reports.
• Alert Management: Conduct research, analysis, and response for security alerts, including log retrieval, analysis, and thorough documentation.
• Network Traffic and Host Activity Analysis: Perform detailed analysis of network traffic and host activity across various technologies and platforms.
• Incident Response Support: Assist in incident response activities, including host triage, malware analysis, end-user interviews, and remediation efforts.
• Report Compilation: Compile detailed investigation and analysis reports for internal SOC use and
• delivery to management.
• Security Event Analysis: Analyze network traffic, IDS/IPS/DLP events, packet captures, and firewall logs
• to identify potential threats.
• Malicious Campaign Analysis: Evaluate and analyze malicious campaigns to assess the effectiveness of
• security technologies.
• Threat Hunting: Coordinate and conduct threat hunting activities using intelligence from both internal
• and external sources.
• Threat Actor Identification: Identify and track threat actor groups, along with their techniques, tools, and
• procedures.
• Process Improvement: Continuously improve processes for enhanced efficiency across multiple detection
• sets in Security Operations.
• Alert Review and Adjustment: Review detection infrastructure alerts for false positives, making necessary
• adjustments to optimize alert accuracy.
• IOC Management: Collect, analyze, investigate, store, and disseminate indicators of compromise (IOCs).
• Comprehensive Analysis: Provide in-depth analysis of network packet captures, DNS, proxy, NetFlow,
• malware, host-based security, and application logs, as well as logs from various security sensors.

Aug 2022 – Jul 2024 · 1 yr 11 mos · On-site