.png)
-
Job Description:
- Investigate escalated alerts from L1 and assess threat impact, scope, and root cause.
- Mentor & coach L1 in investigating & analyzing the security events with SIEM & XDR tools as needed.
- Provide timely incident response support in coordination with IT and business units.
- Perform threat intelligence analysis and correlate external IOCs/TTPs.
- Design and implement strategies to contain threats and to initiate recovery efforts in coordination with relevant teams.
- Review and refine detection rules, correlation logic, response playbooks, and incident response procedures to maintain relevance and effectiveness.
- Perform continuous threat hunting as a proactive activity against emerging cyber threats within the existing SIEM tools.
- Create and maintain SOP & response documentation.
- Maintain and update change management and incident tracking calendars.
- Maintain detailed hunt documentation, findings, and recommendations for remediation and prevention.
- Create and maintain detection content aligned with MITRE ATT&CK and other threat frameworks.
Requirement:
- Graduates from D3, D4, or S1.
- 3-5 years of working experience as an L1 Security Analyst.
- In-depth understanding of network and endpoint security.
- Hands-on experience with SIEM (Splunk, Sentinel, QRadar, Elastic), XDR, tools (e.g., Cortex, Ms Defender, TM-Vision1, CrowdStrike, SentinelOne).
- Knowledge of threat intelligence, IOCs, and MITRE ATT&CK framework.
- Understanding of the incident response lifecycle.
- Familiarity with vulnerability assessment methods.
- Intermediate analytical and investigative skills.
- Ability to correlate data from multiple sources.
- Clear documentation and reporting skills.
- Effective communication with technical and non-technical teams.
- Incident handling under pressure.
- Having one or a few of these certifications would be an advantage: Blue Team Level 1 (BTL1) by Security Blue Team, CIHE, ECIH, CHFI, BTL2, eJPT, eWPT, CEH, eCTHP, CompTIA Cybersecurity Analyst (CySA+), MS-200