Key Responsibilities
- Monitor, triage, and analyze security alerts from SIEM/EDR tools across cloud and on-premises environments, including Azure, AWS, and Microsoft 365
- Tune detection rules and playbooks to improve coverage and reduce false positives, ensuring high-quality case documentation in ServiceNow
- Investigate and classify alerts using structured analysis frameworks such as the Cyber Kill Chain and the Diamond Model, with a focus on identity and access anomalies in Okta/Entra ID
- Support incident response by coordinating containment actions such as endpoint isolation and account disablement with IT Operations and external partners
- Track vulnerability remediation, prioritizing findings with risk context and validating closure to reduce exposure
- Contribute to SOC metrics and reporting, including MTTD/MTTR, and maintain audit-ready documentation for FFIEC/GLBA compliance
Requirements
- Experience with SIEM/EDR platforms, cloud security (Azure/AWS), and identity management tools (Okta/Entra ID)
- Proficiency in structured analysis frameworks (Cyber Kill Chain, Diamond Model) and threat hunting techniques
- Familiarity with vulnerability management processes and incident response workflows
- Strong documentation skills for operational continuity and audit readiness
- Ability to work in a blended alert-driven and proactive threat hunting environment