SUMMARY:
Participate as a Member of a Security Operations Monitoring Team.
RESPONSIBILITIES:
Monitor, review and analyze the SIEM (security information and event management system) for information, determine potential threats to the environment and act upon threats according to specific processes and procedures.
Monitor, review and analyze a centralized Anti-Virus (AV) and host-based intrusion detection/prevention system (HIDS/HIPS), determine potential threats to the environment and act upon threats according to specific processes and procedures.
Conduct security event investigations as required.
Report potential and validated threats to the environment within specified time frames.
Provide hands-on assistance to assigned incident handlers and forensic specialists as required to remediate threats.
Provide third-party investigation assistance as required.
Assist in the improvement of security monitoring tools.
REQUIREMENTS:
Possess a thorough understanding of TCP/IP and Networking
Possess an understanding of the events that are processed by the SIEM
Possess a detailed understanding of AV and HIDS
Report threat information utilizing web-based interfaces and support systems
Conduct and assist with investigations of threats as required
Possess a thorough understanding and demonstrated experience with Chain of Custody
NO THIRD PARTIES