1. Monitor, triage, prioritize and investigate security events and alerts raised in the SIEM, Anti-DDoS and/or other deployed solutions.
2. Perform incident response activities such as incident communication, host triage and recovery, remote system analysis and remediation efforts with solid correlation abilities.
3. Analyze phishing emails and a variety of security appliance logs to determine the correct remediation actions and escalation paths.
4. Produce post-incident reports according to standard operating procedures.
5. Understand and maintain appropriate knowledge of security technologies (AV, MFA, HIPS, NIPS, SIEM, WAF, DLP, sandboxing), operating systems (MS Windows, Linux), traffic analysis tools (Wireshark, tcpdump), security procedures, and services within the SOC, as well as ensuring all tools are functioning properly.
6. Conduct proactive threat hunting research and prepare technical threat reports.
7. Understand the global threat landscape by analyzing cyber threat intelligence, vulnerabilities and exploit code.