محلل أمان تكنولوجيا المعلومات

1. Provide communication and escalation throughout the incident per the Security Incident Management process.
2. Prioritize and differentiate between potential intrusion attempts and determine to treat the alert as a security incident and assign a severity level to apply proper mitigation based on the severity.
3. Collect contextual information to close or escalate the security incident to the Incident Response function for further investigation to find the root cause.
4. Provide consistent and accurate incident feedback to Incident Monitoring, support forensic, event documentation and malware analysis as required to maintain the integrity of the investigation.
5. Monitor and analyse network traffic, security events and logs for Intrusion Detection Systems/ Intrusion Prevention Systems (IDS/IPS), Firewalls, Email Security Gateways, File integrity monitoring, DB Monitoring, Proxy solutions, Windows Event Logs, AIX/Linux systems logs, Application Logs, Endpoint security solutions, Data Leakage prevention solutions.
6. Identify false positives and work with appropriate team members for alert tuning.
7. Perform quality review of tickets for documentation accuracy and validation of ticket context.
8. Support in the daily, monthly, Quarterly and Yearly security posture, Security Operations Center (SOC) and executive reporting and dashboards.
9. Develop tools or scripts to automate repeatable tasks, to streamline manual process, in order to support security investigation.
10. Enhance detection capabilities by providing recommendations for security monitoring devices such as IDS/IDS and Security Information & Event Management (SIEM).
11. Proactively review raw logs for anomalous activity from different sources.
12. Participate in evaluating and recommending security solutions to ensure catering for logging and monitoring requirements in any system to fulfil SOC core objectives.
13. Work with Threat Intelligence to write and improve Runbooks and update documentation.
14. Monitor all log sources heart beat and report/investigate issues to ensure maintaining healthy logs to avoid any failure of data collection and impacting the core SOC monitoring function.