Monitoring & Investigation: Actively monitor network traffic, system logs, and security alerts for suspicious activity.
SIEM Content Development: Create and fine-tune correlation rules, dashboards, and reporting to detect threats, such as those within the MITRE ATT&CK framework.
Incident Response: Perform triage and initial investigations, analyzing root causes and providing actionable intelligence.
Threat Detection & Analysis: Analyze logs from firewalls, EDR, and systems to identify vulnerabilities.
Reporting: Document findings and prepare reports on potential security incidents and security posture.
SIEM Proficiency: Hands-on experience with SIEM platforms (e.g., Splunk, Microsoft Sentinel, Palo Alto Cortex XSIAM).
Technical Knowledge: Understanding of network security, infrastructure (firewalls, routers), and OS security.
Security Expertise: Knowledge of threat hunting, UEBA, and SOAR.
Communication: Ability to communicate technical risks to non-technical stakeholders.
Education/Certifications: Bachelor's degree in IT/Cybersecurity preferred, along with certifications such as CompTIA Security+ or GIAC.