Roles & Responsibilities
Security Incident Response & Threat Management
- Lead incident response efforts by validating, triaging, and escalating security alerts from multiple sources (XDR, SIEM, Proofpoint, MSSP).
- Investigate unresolved malware alerts in XDR and ensure proper remediation workflows are followed.
- Conduct AWS detection monitoring gap analysis to improve coverage of cloud-based security threats.
- Investigate DNS lookup failures, authentication anomalies, and escalation alerts to prevent security incidents.
Security Automation & MSSP Integration
- Overhaul and maintain the SOAR platform (Barricade) to improve automated response workflows and integrate new use cases.
- Complete the TSI (Threat Signal Integration) API integration with ServiceNow to streamline MSSP alerts and ensure alerts are pre-reviewed before ticket escalation.
- Collaborate with the MSSP (Cyderes) to ensure escalations and detections are properly handled and fine-tuned.
SIEM & Security Data Onboarding
- Onboard and manage new data sources in Splunk, ensuring proper normalization and parsing of security logs.
- Review and optimize firewall rule logging to balance security visibility and cost-effective Splunk licensing.
- Create and refine security monitoring use cases in Splunk, Cortex XDR, Proofpoint, and Akamai.
- Develop Akamai logging and security use cases to detect web-based threats and improve attack visibility.
Salary Range: $100,000 - $110,000 base salary per year