- Conduct 24/7 continuous monitoring of security events and alerts using various security tools, such as SIEM and endpoint protection.
- Perform initial triage of security alerts to determine their validity and severity, identifying false positives or true positives.
- Conduct basic investigations of security events, including malware infections and unauthorized access attempts.
- Escalate complex or highly suspicious alerts for further investigation and response.
- Maintain detailed records of all activities, including investigations performed, findings, and remediation steps taken.
- Collect the data, evidence, and context necessary for further escalation.
- Analyze security logs and events, and perform correlation and historical searches to determine the extent and impact of a security compromise.
- Handle case management, generating tickets and reports when required, and tracking open tickets until closure.
- Willing to work a 12-hour shift pattern that includes weekends and public holidays.
- At least 2 to 5 years of experience working in a SOC environment
- Strong knowledge of and experience with SIEM tools, EDR, and NDR
- Strong experience in a SOC environment, monitoring security events and alerts on endpoints and networks
- Strong interpersonal and communication skills