Monitor and analyse IDS alerts, network traffic and logs, and prioritise and differentiate between potential intrusion attempts and false alarms.
Work with Cyber Threat Intelligence solutions to identify threats, develop or recommend countermeasures, and perform advanced network and host-based analysis in the event of a compromise.
Recommend system tuning, customization, improvement and expansion of the Cyber Threat Intelligence feed and toolset.
Leverage internal and external resources to research threats, vulnerabilities, and intelligence on various attackers and attack infrastructure.
Proactively drive hunting and analysis; undertake threat hunting exercises using EDR tools and the SIEM platform to identify threats, determine the root cause(s), scope and severity of each, and report findings.
Classify suspicious binaries, identify C2 traits and develop network and host-based IOCs.
Advise incident responders on the steps to take to investigate and resolve computer security incidents.
Regularly review standard operating procedures and protocols to ensure the SOC continues to effectively meet operational requirements, and conduct "after action" reviews to identify lessons learned and best practices.