Monitor and analyse IDS, network traffic and logs; prioritise and differentiate between potential intrusion attempts and false alarms.
Work with Cyber Threat Intelligence solutions to identify threats, develop or recommend countermeasures, and perform advanced network and host-based analysis in the event of a compromise.
Recommend system tuning, customisation, improvement and expansion of the Cyber Threat Intelligence feed and toolset.
Undertake threat hunting exercises using EDR tools and the SIEM platform to identify threats, determine the root cause(s), scope and severity of each, and report findings.
Classify suspicious binaries, identify C2 traits and develop network and host-based IOCs.
Advise incident responders on the steps to take to investigate and resolve computer security incidents.
Regularly review standard operating procedures and protocols to ensure the SOC continues to effectively meet operational requirements, and conduct "after action" reviews to identify lessons learned and best practices.