Roles & Responsibilities:
Security Incident Response & Threat Management
- Lead incident response efforts by validating, triaging, and escalating security alerts from multiple sources (XDR, SIEM, Proofpoint, MSSP).
- Investigate unresolved malware alerts in XDR and ensure proper remediation workflows are followed.
- Conduct AWS detection monitoring gap analysis to improve coverage of cloud-based security threats.
- Investigate DNS lookup failures, authentication anomalies, and escalation alerts to prevent security incidents.
Security Automation & MSSP Integration
- Overhaul and maintain the SOAR platform (Barricade) to improve automated response workflows and integrate new use cases.
- Complete TSI (Threat Signal Integration) API integration with ServiceNow to streamline MSSP alerts and ensure alerts are pre-reviewed before ticket escalation.
- Collaborate with the MSSP (Cyderes) to ensure escalations and detections are properly handled and fine-tuned.
SIEM & Security Data Onboarding
- Onboard and manage new data sources in Splunk, ensuring proper normalization and parsing of security logs.
- Review and optimize firewall rule logging to balance security visibility against Splunk licensing cost.
- Create and refine security monitoring use cases in Splunk, Cortex XDR, Proofpoint, and Akamai.
- Develop Akamai logging and security use cases to detect web-based threats and improve attack visibility.
Endpoint & Email Security
- Manage Cortex XDR configurations and ensure all critical assets are covered.
- Deploy and configure mobile endpoint security solutions (XDR on mobile devices) to protect against phishing and malware threats.
- Review and update Proofpoint email security policies (DMARC, SPF, TAP, TRAP) to enhance email threat detection.
Security Governance & Policy Implementation
- Ensure proper handling of service accounts and privileged access review processes.
- Develop and implement USB security policies in XDR to prevent unauthorized data exfiltration.
- Conduct policy testing on limited devices before full security rollouts.
Must Have Technical/Functional Skills:
Security Operations & IR Experience:
- 2+ years in Security Operations (SecOps), Incident Response (IR), or SOC environments.
- Deep knowledge of incident response frameworks (NIST, MITRE ATT&CK, CIS Controls).
✅ SIEM & Log Management:
- Strong hands-on experience with Splunk, including log onboarding, parsing, and alert tuning.
- Experience analyzing Windows, Linux, cloud, and network logs.
✅ Endpoint & Network Security:
- Experience managing and configuring Cortex XDR, Proofpoint, and firewall security policies.
- Deep understanding of email security controls (DMARC, SPF, TAP, TRAP).
✅ Security Automation & MSSP Management:
- Hands-on experience with SOAR platforms (Cortex XSOAR, Splunk Phantom, or Barricade SOAR).
- Experience with MSSP integrations, including API-driven automation with ServiceNow.