Role Skills:
- years of experience in IT Security Operations, SIEM, SOC, Network Security, Threat Analysis or equivalent knowledge. Knowledge of network architecture strongly preferred.
- Experience in administration of security monitoring tools, such as firewalls, IDS/IPS, proxies, SIEM, etc.
- Experience in performing manual and/or automated security configuration reviews of network devices, servers, and workstations.
- Experience driving remediation, such as firewall rule tuning, agent health on endpoints, and insecure configurations.
- Understanding of network and system intrusion and detection methods.
- Experience with malware analysis, endpoint detection methodologies and forensic tools.
- Experience managing a threat monitoring program, including process definition, threat assessment, related operational activities and providing security oversight related to risk mitigation.
- Experience developing SIEM content/use cases, with specific experience writing content rules.
- Expand the usage of security monitoring tools to improve the security of the environment, including detection, prevention and policy enforcement.
- Define security configuration for monitoring tools, including alerts, correlation rules, and reporting.

Confidencial: minimum 7 years. BRERO. SOC: MUST. A monitoring tool, and the tool they monitor is SIEM. LEVER someone who has already worked in a SOC, investigates and analyzes the origin of the alarm and proposes a solution. NOC: MUST. SIEM: MUST. Incident Response & Management: MUST. Security Analysis - Security Appliance: Antivirus & antimalware, any of these, with any of the following tools:
Firewall M, IPS M, Webfilter-M, Antispam-M, Sandboxing, Vulnerability Management / any scanning tool.

Activities to Perform:
- Reviews tickets/incidents generated or escalated by L1.
- Collects and analyzes data from affected assets for further investigation.
- Determines and directs remediation and recovery efforts.
- SIEM Management & Rule Tuning (correlation of events).
Incident Response:
- Containment, Eradication, Recovery (low incidents).
- Remediation of well-known attacks.
- Leverages the scope of the threat.
- Review of alerts.
- Escalates alerts that require L