Monitor client environments using SIEM and/or EDR platforms to detect, triage, and respond to cybersecurity threats in accordance with agreed SOPs and industry best practices
Analyse and investigate security alerts escalated from client teams, MSSPs, and internal systems; lead or support incident response through to closure
Triage alerts from the SIEM to identify notable alerts for escalation, based on established operating procedures or industry best practices
Advise clients on possible follow-up actions and remediation measures for escalated alerts
Respond to incidents and critical alerts outside of office hours when required
Perform indicator of compromise (IOC) searches and triage incoming threat intelligence to assess relevance to client assets
Gather and report on threat intelligence using the client's Threat Intelligence Platform
Coordinate with client stakeholders including IT...