Security Incident Handling with SIEM Technology. (Experience in any SIEM Tools. e.g. Arcsight, Splunk, Qradar)
Security Incident Analysis with Logs from various devices like Firewall, Windows, Unix, NextGen FW, WAF, AV,EDR, MDR etc.
SIEM authoring for Rules, Reports, Parsers etc.
Should have strong analytical ability and attention in detail to handle incidents.
Should have a broad understanding of all stages of incident response.
Carries out in-depth threat intelligence analysis to find the perpetrator, the type of attack, and the data or systems impacted.
Hands on experience on EDR technologies, like crowd strike, MS defender, carbon black etc.
Uses internal and external threat intelligence to search for anomalous behavior, test security controls and perform advanced asset protection.
Identify areas for automation and orchestration to make the overall process more effective and efficient.
Perform root cause analysis of critical incidents and conduct lessons learned with the team.
Understanding of network defense principles, common attack vectors, and attacker techniques.
Sound knowledge in Network and Infrastructure related concepts.
Sound knowledge of SIEM Technology preferably ArcSight.
Hands on experience on EDR and MDR (e.g. Crowdstrike, Carbon Black, MS Defender)
Threat and Incident management experience
Required Skill Set
At least elementary knowledge across infosec domains.
Good Proficiency in at least one of Network Security/SIEM Alert analysis & Incident Management/Application Security/Pen-Testing & Vulnerability Assessment
Good conceptual knowledge on different types of attacks as well as Incident Management.
