L1 SOC Analyst – Threat Monitoring and Triage | Job in Qatar by Technosys Solution | GulfTalent

The Threat Monitor function is responsible for monitoring security events and conducting initial investigation and escalation in accordance with documented response manuals.

The Threat Monitoring and Triage function is responsible for monitoring security alerts. This includes analysis of threat alerts, false positive assessment, contextual data collection, threat classification, initial triage and prioritization, suggestions for response, and closing alerts or escalating them to response groups or Level 2/Level 3.

• Real-time “eyes on glass” monitoring
• Monitoring incoming security events through alerts from SIEM
• Perform a triage of incoming alerts (initial evaluation of event priority, initial qualification of the incident to identify risks and damages)
• Perform preliminary analysis and investigation of security alerts
• Notification and escalation to the appropriate contact for a response
• Provide treatment/countermeasure recommendations, if applicable
• Set alert prioritization options based on the severity of the security incident
• Must be able to work in 24×7 shifts

• Strong knowledge and experience with network protocols
• The ability to track an endpoint on the network based on card information
• Familiarity with system log information and what it means
• Understanding of common network services (Web, Mail, DNS, Authentication, AD, DHCP, NAT)
• Understanding of common communications services
• Knowledge of host-based security tools such as Anti-Malware and EDR
• Knowledge of packet analysis and logs
• Experience with security assessment tools (NMAP, Nessus, Metasploit, Netcat)
• General knowledge of desktop and server operating systems
• Strong analytical and problem-solving skills
• Previous experience in SIEM and SOAR
• Knowledge of a threat intelligence platform would be an advantage


Technosys is an IT software company with expertise in best quality website and mobile app development, software development, IoT application, blockchain, cryptocurrency, etc.

We provide you with the best quality and cost-effective solutions, with quick response. We provide full services of consulting, development and support to our clients. Our professional, experienced team is here to provide you with world-class software and application development services. Technosys was established to provide pioneering solutions and integrated services to companies and organizations. We were created with a vision to make the process easier, and to provide our clients with a robust strategic approach and optimized, customizable solutions across various business sectors.
