What are the responsibilities and job description for the Cybersecurity Analyst position at FutureNET?
4. Monitoring and Alerting Improvements
• Evaluate and improve the monitoring and alerting processes. Correlate SIEM events and fine-tune SIEM rules to identify and alert on potential threats and incidents.
• Recommend and implement enhancements to improve the efficiency and effectiveness of threat detection.
• Assist in integration of threat intelligence feeds into security monitoring and response processes.
5. Threat Hunting
• Continuous monitoring of threat intelligence sources for emerging threats and vulnerabilities.
• Develop custom hunting techniques and queries tailored to the organization's environment, threat landscape, and security objectives.
• Utilize threat intelligence, attack frameworks, and behavioral analytics to guide hunting efforts.
• Use threat intelligence feeds, sandbox analysis, and open-source tools to identify and verify Indicators of Compromise (IOCs).
• Investigate unusual or suspicious behaviors that deviate from normal network or user activity patterns.
• Look for signs of lateral movement, privilege escalation, data exfiltration, or other indicators of advanced attacks.
• Monitor privileged accounts, high-risk users, and unusual activities that may indicate insider abuse or compromise.
• Conduct in-depth analysis of endpoint logs, system artifacts, and memory forensics to identify signs of compromise or malicious activity.
• Look for suspicious processes, registry modifications, file creations, or network connections indicative of malware or attacker presence.
• Conduct proactive threat hunting to identify emerging or undetected threats and vulnerabilities within the network, and to identify potential security risks and gaps in defenses.
• Conduct regular threat hunting exercises using both automated tools and manual techniques.
• This enhances the organization's ability to adapt to an evolving threat landscape, reducing attacker dwell time and the potential impact of attacks.
• Perform proactive threat-hunting activities monthly, with detailed reporting metrics included in the monthly briefing to the InfoSec team.
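As an added illustration of the hunting work described above (example code written for this page, not FutureNET tooling), the script below runs two simple hunts over a handful of constructed, normalized events: one flags an account performing network logons to many distinct hosts within a short window (a lateral-movement pattern), the other flags an Office application spawning a shell with an encoded command line (a suspicious parent/child process chain). The event fields, thresholds and sample values are assumptions for demonstration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real telemetry). Fields loosely mirror
# Windows Security log 4624 entries and EDR process-creation records.
EVENTS = [
    # svc_backup fans out to five hosts in under three minutes
    {"ts": "2024-05-01T09:00:05", "kind": "logon", "event_id": 4624, "logon_type": 3,
     "account": "svc_backup", "host": "FS01", "src_ip": "10.0.5.20"},
    {"ts": "2024-05-01T09:00:40", "kind": "logon", "event_id": 4624, "logon_type": 3,
     "account": "svc_backup", "host": "FS02", "src_ip": "10.0.5.20"},
    {"ts": "2024-05-01T09:01:10", "kind": "logon", "event_id": 4624, "logon_type": 3,
     "account": "svc_backup", "host": "DC01", "src_ip": "10.0.5.20"},
    {"ts": "2024-05-01T09:01:55", "kind": "logon", "event_id": 4624, "logon_type": 3,
     "account": "svc_backup", "host": "WKS117", "src_ip": "10.0.5.20"},
    {"ts": "2024-05-01T09:02:30", "kind": "logon", "event_id": 4624, "logon_type": 3,
     "account": "svc_backup", "host": "WKS118", "src_ip": "10.0.5.20"},
    # An ordinary user hitting the same file server twice in a day
    {"ts": "2024-05-01T09:00:00", "kind": "logon", "event_id": 4624, "logon_type": 3,
     "account": "j.doe", "host": "FS01", "src_ip": "10.0.7.44"},
    {"ts": "2024-05-01T13:30:00", "kind": "logon", "event_id": 4624, "logon_type": 3,
     "account": "j.doe", "host": "FS01", "src_ip": "10.0.7.44"},
    # Process creation: Word launching an encoded PowerShell command
    {"ts": "2024-05-01T09:03:00", "kind": "process", "host": "WKS117",
     "parent": "WINWORD.EXE", "image": "powershell.exe",
     "cmdline": "powershell -nop -w hidden -enc SQBFAFgA"},
    # Benign: a user running PowerShell from Explorer
    {"ts": "2024-05-01T09:03:05", "kind": "process", "host": "WKS118",
     "parent": "explorer.exe", "image": "powershell.exe",
     "cmdline": "powershell Get-ChildItem"},
]


def parse_ts(s):
    return datetime.fromisoformat(s)


def hunt_lateral_movement(events, window=timedelta(minutes=10), min_hosts=4):
    """Flag accounts with network logons (4624, type 3) to at least `min_hosts`
    distinct hosts inside any sliding window of length `window`.
    Thresholds are illustrative and must be tuned per environment."""
    by_account = defaultdict(list)
    for e in events:
        if e["kind"] == "logon" and e["event_id"] == 4624 and e["logon_type"] == 3:
            by_account[e["account"]].append((parse_ts(e["ts"]), e["host"]))
    findings = {}
    for account, logons in by_account.items():
        logons.sort()  # chronological, so the window only looks forward
        for i, (t0, _) in enumerate(logons):
            hosts = {h for t, h in logons[i:] if t - t0 <= window}
            if len(hosts) >= min_hosts:
                findings[account] = sorted(hosts)
                break
    return findings


# Parent/child pairs that rarely occur legitimately: an Office document
# spawning a script host is a common macro-based initial-access pattern.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def hunt_office_spawning_shell(events):
    """Return process events where an Office app is the parent of a script host,
    noting whether the command line used an encoded PowerShell payload."""
    hits = []
    for e in events:
        if e["kind"] != "process":
            continue
        parent, image = e["parent"].lower(), e["image"].lower()
        cmd = e["cmdline"].lower()
        if parent in OFFICE_PARENTS and image in SCRIPT_HOSTS:
            hits.append({
                "host": e["host"], "parent": parent, "image": image,
                "encoded_cmd": " -enc" in cmd or "-encodedcommand" in cmd,
            })
    return hits


if __name__ == "__main__":
    for account, hosts in hunt_lateral_movement(EVENTS).items():
        print(f"[lateral movement] {account} -> {', '.join(hosts)}")
    for h in hunt_office_spawning_shell(EVENTS):
        print(f"[office->shell] {h['host']}: {h['parent']} spawned {h['image']}"
              f" (encoded={h['encoded_cmd']})")
```

Both hunts return structured findings rather than printing, so the same functions can be run on a schedule and their hit counts fed into the monthly reporting metrics; the logon fan-out threshold and window in particular need baselining against legitimate service accounts before they are trusted as alerts.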
Candidates need to hold the following certifications, or similar ones:
i) Certified Information Systems Security Professional (CISSP)
ii) Certified Information Security Manager (CISM)
iii) Certified Ethical Hacker (CEH)
iv) GIAC Certified Incident Handler (GCIH)
v) GIAC Security Essentials (GSEC)
Salary: $100,000