Security Analyst
IG Group
Total des années d'expérience :4 years, 11 Mois
Incident Response (Core) - 24/7 Monitoring and response by SLA.
•Reporting Incidents to Regulators & creating RCA report accordingly.
•Access Management - DLP and Proxy access management for the users to ensure data protection and secure web access.
•Firewall audit - Running periodic audit on infrastructure firewalls.
•Vulnerability management - Assessing recently discovered world wide vulnerabilities against Nessus and flag the vulnerabilities based on the risk.
•Proposing new SIEM use cases to engineering team, coordinating in SIEM rule creation and rule fine tuning.
•Impersonation reporting - Reporting Impersonation sites and profile against Organization/People associated with the organization to 3rd party vendor.
Monitoring Security Incidents and escalating the true positive incidents to customer by SLA time.
•Providing remediation plan of action and RCA report for the TP Incidents based on incident outcome.
•Threat feed - managing threat feed in SIEM including applying custom threat IOCs based on current booming security attacks.
•Threat report management - creating scheduled reports and custom reports.
•Creating new use-case/rules and fine tuning rules in SIEM system.
•Device Integration - Event source integration into SIEM setup using multiple methods like Syslog, WinRM.