Responsibilities

• Lead incident response efforts, triaging and escalating alerts from XDR, SIEM, Proofpoint, and MSSP.
• Investigate malware alerts, AWS detection gaps, DNS failures, and authentication anomalies.
• Overhaul and maintain the SOAR platform (Barricade) to improve automated workflows.
• Integrate TSI API with ServiceNow to streamline MSSP alerts and ensure pre-reviewed escalations.
• Collaborate with MSSP (Cyderes) to fine-tune detections and escalations.
• Onboard and manage new data sources in Splunk, optimizing security logs and firewall rule visibility.
• Develop and refine security use cases in Splunk, XDR, Proofpoint, and Akamai.

Key Skills

• Strong experience with incident response, threat detection, and security automation.
• Proficient in SIEM tools (Splunk), XDR platforms, and AWS security.
• Experience with SOAR platforms, TSI API integration, and MSSP collaboration.
• Expertise in web security tools (Akamai, Proofpoint) and security use case development.

Posted By