Reference Tasks:
The following list of tasks applies to this reference profile. The list is not exhaustive and may evolve over time:
Real-time monitoring of cyber defense and intrusion detection systems
Automated processing (centralization, filtering and correlation) of security events
Human-based analysis of automatically correlated events
Processing of incoming warnings, alerts and reports
Categorize events, incidents and vulnerabilities based on relevance, exposure and impact
Maintain incident response address book
Provide support to incident responders
Advise affected users on appropriate course of action
Monitor open tickets for incidents / vulnerabilities from start to resolution
Escalate unresolved problems to higher levels of support, including the incident response and vulnerability mitigation teams
Configure the SIEM components for optimal performance
Improve correlation rules so that the monitoring policy enables efficient detection of potential incidents. For a new component to be monitored, this encompasses:
  Analyzing risks and security policy requirements
  Translating them into technical events targeting the system components
  Identifying the logs / files / artefacts to collect from the monitored system and, if necessary, complementary devices to deploy
  Elaborating the relevant detection and correlation rules
  Implementing these rules in the infrastructure
  Configuring and tuning cyber-defense solutions
  Reviewing and improving the monitoring policy on a regular basis
Produce qualified reports (including recommendations) or alerts to SOC customers and follow-up on actions
Contribute to the design of the overall monitoring architecture, in close relationship with the customers / system owners, on the one hand, and the security operations engineering team, on the other hand.
Produce and maintain accurate and up-to-date technical documentation, including processes and procedures, related to security incidents and preventive maintenance procedures
Handle incidents, requests and problem tickets of customers or internal users.
During security incidents, implement detection means to monitor attacker activities in real-time
During security incidents, support the incident response team in the review / analysis of security logs.
Provide activity reports to management to demonstrate service SLA and service quality