JOB CATEGORY
IT/Technology
EMPLOYMENT TYPE
Full-time
JOB LEVEL
Mid Career
YEARS OF EXPERIENCE
7+ Years
LANGUAGE
English
Jobseeker Gender
Male
Description
· Security event and log monitoring using a SIEM (IBM QRadar)
· User and role management in QRadar
· Creating log sources, performing health checks, and troubleshooting log sources that stop reporting to QRadar
· Creating run books for device onboarding and obtaining approval from the required CAB (Change Advisory Board) members
· Following up with the security device teams to enable the configuration and port openings required for device integration
· Raising cases with the IBM QRadar Support team for issues in the QRadar Prod and PPE (pre-production) environments, and following up until they are resolved
· Ensuring all logs are collected by the SIEM, and reporting when logs are not flowing properly into the SIEM from any log source
· Troubleshooting log stoppage issues in QRadar
· Monitoring endpoint activity and blocking IPs and file hashes through the Cortex XDR console
· Analyzing data and investigative information in EnCase Forensic Investigator
· Knowledge of proper forensic investigation techniques when working with compromised system images or files
· Knowledge of host and network log sources to apply to investigations
· Troubleshooting EnCase agent issues on endpoints
· Installing agents on non-compliant endpoints
· Monitoring the different AWS accounts and S3 buckets for malicious activity in the AWS environment through Amazon GuardDuty, the AWS-native threat detection service
· Ability to communicate effectively under normal and stressful situations
· Excellent problem-solving, analytical, and critical thinking skills
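The "logs not flowing" and "log stoppage" duties above amount to one recurring check: which enabled log sources have not delivered an event within an acceptable window. The script below is an added example (not part of this posting and not IBM code) that performs that check offline. It assumes records shaped like the `name`, `enabled` and `last_event_time` (epoch milliseconds) fields that QRadar's log source management REST API returns; the sample records, the fixed clock and the 30-minute threshold are constructed for the example.

```python
"""Flag SIEM log sources that have gone silent (added example, not from the posting)."""
from datetime import datetime, timedelta, timezone

# Fixed "current time" so the example is reproducible offline (assumption).
NOW = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)


def _ms(dt):
    """Epoch milliseconds, the unit QRadar uses for last_event_time."""
    return int(dt.timestamp() * 1000)


# Constructed sample resembling a pull from the log source management API.
SAMPLE_LOG_SOURCES = [
    {"name": "fw-edge-01", "enabled": True,
     "last_event_time": _ms(NOW - timedelta(minutes=2))},   # healthy
    {"name": "ad-dc-01", "enabled": True,
     "last_event_time": _ms(NOW - timedelta(hours=3))},     # stopped 3 h ago
    {"name": "legacy-proxy", "enabled": False,
     "last_event_time": _ms(NOW - timedelta(days=40))},     # disabled on purpose
    {"name": "aws-cloudtrail", "enabled": True,
     "last_event_time": 0},                                 # onboarded, never reported
]


def find_silent_sources(log_sources, now, max_silence=timedelta(minutes=30)):
    """Return (name, minutes_silent) for enabled sources whose last event is
    older than max_silence, in input order.

    A last_event_time of 0 means no event has ever arrived (typical right after
    onboarding when the device side is not yet configured); such sources are
    reported with minutes_silent=None so they are not mistaken for a recent stop.
    Disabled sources are skipped: silence there is expected, not a fault.
    """
    silent = []
    for src in log_sources:
        if not src.get("enabled", True):
            continue
        last_ms = src.get("last_event_time", 0)
        if last_ms == 0:
            silent.append((src["name"], None))
            continue
        last = datetime.fromtimestamp(last_ms / 1000, tz=timezone.utc)
        gap = now - last
        if gap > max_silence:
            silent.append((src["name"], int(gap.total_seconds() // 60)))
    return silent


if __name__ == "__main__":
    for name, minutes in find_silent_sources(SAMPLE_LOG_SOURCES, NOW):
        state = "never reported" if minutes is None else f"silent for {minutes} min"
        print(f"{name}: {state}")
```

In practice the record list would come from the API (or a scheduled export) and the findings would go into a ticket or a dashboard; the threshold should be set per source type, since a domain controller that is quiet for 30 minutes is a fault while a weekly batch job is not.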
Information