Security Incident Investigation

Performs analysis duties, including:

• Development of Data Dictionaries for log sources to confirm which fields and values are needed or useful for Security Monitoring
• Review of available logs to confirm there are adequate quantities and content to usefully provide Security Monitoring
• Triage SIEM alerts to determine False Positive, Incident, or Technology Misconfiguration
• Perform research at the request of Incident Response teams
• Recognize IoCs on networks and host machines.
• Have basic desktop support skills in Windows and Unix environments (ex. password and log locations)
• Configuring and reading packet captures such as Wireshark.
• Provide technical and thought leadership within SOC by:
• Teaching other SOC Analysts about both traditional and unconventional ways to detect, analyze, and mitigate security incidents and other anomalies
• Regularly recommending new SOC practices and approaches to address program improvement
• Perform case management activities to ensure successful BAU Security
• Monitoring Operations, including:
• Documenting case activities in the system of record
• Documenting current case notes sufficient for effective shift handover, as well as reviewing current status via phone call or in person
• Engaging in all forms of communications (e.g. phone calls, instant-messaging, web page updates) to ensure cases are efficiently investigated by all approved parties, regardless of what company, department, or team they are a member of
• Familiarity with handling of digital evidence (chain of command)
• Author Standard Operating Procedures (SOPs), such as:
• Incident detection use caseneeds, logic, and implementation methods
• use casealert triage workflows
• Training documentation
• Recommending, then implementing approved program improvements
• Consults with other IT areas and the businesses and provides professional support for major components of the company's information security infrastructure.
• Contributes to the development and implementation of security architecture, standards, procedures and guidelines for multiple platforms.
• Consults with the business and operational infrastructure personnel regarding new and existing technologies.
• Recommends new security tools to management and reports and provides guidance and expertise in their implementation.
• Reviews and analyzes complex data and information to provide insights, conclusions and actionable recommendations provides direction and guidance on reports and analyses and ensures recommendations are aligned with customer/business needs and capabilities.
• Ensures that all significant security concerns are addressed.
• Recommends course of action to mitigate risk and ensures that appropriate standards are established and published.
• Contributes to the achievement of area objectives