Responsibilities

• Monitor SIEM, EDR & XDR dashboards to identify and validate security events in real-time.
• Perform deep-dive analysis on suspicious activity using logs, telemetry, and threat intelligence.
• Exercise investigative autonomy: Move beyond the initial alert to determine the full scope and blast radius of a threat.
• Follow established playbooks & runbooks for incident handling and escalation.
• Correlate logs from multiple sources to verify incidents.
• Playbook Execution & Creation
• Strictly follow established SOPs and Playbooks to ensure consistent incident handling.
• Playbook Authoring: Identify gaps in current processes and draft new playbooks to automate or standardize responses to emerging threats.
• Continuously tune and refine existing alerts to reduce false-positive rates (FPrate).
• Incident Documentation & Escalation
• Create detailed, technical tickets that ...