Responsibilities
- Monitor security alerts, ticket queues, dashboards, and threat intelligence sources to detect and resolve potential security incidents.
- Apply the NIST incident response lifecycle, including detection, containment, eradication, and recovery phases.
- Conduct preliminary analysis, prioritize, and resolve alerts from cloud, identity, endpoint, and email security systems.
- Utilize SIEM, EDR/XDR, email security platforms, and query/scripting tools for investigation and automation.
- Carry out vulnerability management tasks such as tracking vulnerabilities, verifying fixes, and keeping records updated.
- Maintain security systems, devices, and tools in alignment with industry best practices.
- Regularly evaluate cloud and network security configurations against established security standards.
- Respond to reported phishing emails and process requests to release quarantined messages.
- Manage the organization’s security awareness training, including conducting simulated phishing exercises to meet compliance requirements.
- Assist in advancing cybersecurity projects and enhancing the maturity of the security program.
- Maintain and refine security dashboards, metrics, and periodic reports for executive review and audits.
- Document and optimize operational workflows to increase efficiency and consistency.
- Support internal and external security audits by gathering evidence and organizing documentation.
- Work with IT teams to promote adherence to cybersecurity best practices across the organization.
- Participate in an after-hours on-call schedule to address urgent security incidents.
Other
- Participate in after-hours on-call rotation and respond to critical security alerts after hours.