SOC/SIEM-L3

Technical Competency : L3

• Competent in managing security events using SIEM tools.

• L3 level of investigating escalated incidents from L2 with support.

• Suppress IOC's creating huge traffic /  block IOC's if compromised. 

• Isolate machine is found to be compromised. 

• Conduct extensive investigation -Incidents Summary from Log source – detailed report with recommendations.

• Examine alert statistics to identify the RCA and address security warnings in accordance with SLAs.

• Manage tasks in workflows, playbooks, algorithms, or by developing SOP for new use cases.

• Manage the incident governance report to emphasize the performance and lower false positive alerts.

• Provide on-call support for projects pertaining any ransomware attacks or SIEM problems.

• Collaborate with Remediation team to improve internal processes through technology and security upgrades.

• Associate with Team members to automate repetitive task in order to find efficient progress.