SUMMARY:

Participate as a Member of a Security Operations Monitoring Team.

RESPONSIBILITIES:

Monitor, review and analyze SIEM (security information and event monitoring system) for information, determine potential threats to the environment and act upon threats according to specific processes and procedures.

Monitor, review and analyze a centralized Anti-Virus (AV) and host-based intrusion detection/prevention system (HID/PS) determine potential threats to the environment and act upon threats according to specific process and procedures.

Conduct security event investigations as required.

Report potential and validate threats to the environment within specified time frames.

Provide hands on assistance to assigned incident handlers and forensic specialists as required to remediate threats.

Provide third party investigation assistance as required

Assist in the improvement of security monitoring tools

REQUIREMENTS:

Possess a thorough understanding of TCP/IP and Networking

Possess an understanding of events that are processes by the SIEM

Possess a detailed understanding of AV and HIDS

Report threat information utilizing web based interfaces and support systems

Conduct and assist with investigations and threats are required

Possess a thorough understanding and demonstrated experience with Chain of Custody

NO THIRD PARTIES