SIEM Analyst

We are looking for a Senior SIEM Analyst

Job Description

Performs second-level investigation of, and responds to, alerts generated by Security Operations tooling such as IDS/IPS, SIEM and Web Proxy technologies
Performs second-level investigation of, and responds to, user-reported threats such as phishing and social engineering
Participates in the ongoing administration of SIEM, IDS/IPS, Web Proxy, NGAV and EDR/XDR tooling
Participates in Incident Response activities as a support resource through the entire Incident Response life-cycle
Applies or recommends adaptive security measures based on investigative findings and threat monitoring
Performs second-level triage of vulnerability bulletins and of results from Vulnerability Management programs, participating in escalating and recommending remediation activities
Performs threat hunting based on Tactics, Techniques and Procedures (TTPs) and on threat reporting from information sharing organizations (US-CERT, FS-ISAC, etc.)
Advises management on best practices, current trends, pertinent changes in internal/external threats and opportunities for improvement; presents action plans for implementation and approval
Documents and provides a report of all analyst activity (SOC Analyst Diary) to SOC leadership on a routine basis to allow for adjustment of overall SOC posture and health
Provides technical expertise to support vendor and project reviews
Performs all other duties and special projects as assigned

Requirements

5+ years of combined Information Security and Technical Administration experience
Experience with security information and event management (SIEM) systems
Experience with IDS/IPS and other network security platforms
Breadth and depth of technical and/or functional expertise in security operations and related areas within information technology departments, such as Infrastructure, Engineering, Networking or Development

Rewards

This role is eligible for a competitive benefits package which includes medical, dental, vision, a 401(k) plan and match, paid time off, an ESPP and much more!

Application