Responsible for the daily real-time monitoring and analysis of security events and threats from multiple sources
Triage security incidents, including unauthorized access, phishing, malware infections, etc.
Refine the current use cases implemented on the SIEM solution to reduce false positives
First point of contact for cybersecurity incidents, and responsible for incident investigation and response activities, including:
conduct forensic analysis
determine the cause and extent of the breach
correlate findings with the existing network/application environment
recommend remediation/recovery plans
prepare timely, detailed, and accurate incident report updates
Provide post-incident reports for management and stakeholders, covering easy-to-understand, accurate details on risk, impact, likelihood, containment and remediation, and threat actors.
Build and design security incident playbooks
Conduct table-top exercises / cybersecurity drills
Stay current with the latest cyber threats, tactics, and vulnerabilities, and keep up to date with evolving attack techniques