Analyzes security event data for attack patterns and an understanding of attacker tactics; creates automated log correlations in a SIEM to identify anomalous and potentially malicious behavior; interprets IOCs and uses them efficiently for alerting; creates technical documentation around the content deployed to the SIEM; determines and improves the fidelity of correlation rules to reduce false positives; recognizes patterns and inconsistencies that could indicate complex cyber-attacks; develops SIEM correlation rules to detect new threats beyond current capabilities; manages appliance or virtual appliance OS and SIEM software; creates innovative solutions to automate and reduce timeframes for operational changes as well as the initial installation of the platform; creates rules for compliance and audit requirements and creates and manages Watch Lists for current threats; performs formal Architectural Review; creates custom rules/rule modifications and custom reports/report modifications as needed; adds/removes log sources and troubleshoots issues with log sources or systems with the vendor, and reports system defects as needed; manages product enhancement/feature requests with vendors as needed; performs software upgrades, updates, and patches as needed; assists with designing and documenting work processes within the SOC.
Education: Bachelor’s Degree in Engineering, Computer Information or Information Technology, Cybersecurity or Information Assurance or equivalent work experience of 5 or more years.
Certifications: GIAC Defensible Security Architecture (GDSA), GIAC Certified Detection Analyst (GCDA), GIAC Certified Incident Handler (GCIH), GIAC Security Operations Certified (GSOC), GIAC Continuous Monitoring Certification (GMON)