Role description
Responsibilities:
· Review and triage events and design/implement correlation searches to respond to changes in the environment while reducing false positives.
· Monitor for and detect security events from SIEM, Log collection Engines and other security technologies, such as Splunk while performing investigations using various Monitoring Security technologies (i.e. IDS/IPS, DLP, etc.).
· Review alerts escalated by end users and perform initial triage of incoming issues (initially assessing the priority of the event, initial determination of event to determine risk and damage or appropriate routing of security or privacy data request).
· Responsible for reviewing and analyzing anomalous data activity events
· Monitor for and respond to events involving potential loss of consumer, employee, business sensitive data, or intellectual property
· Identify anomalous user behavior
· Conduct thorough analysis of reported security incidents
· Understand and follow established Data Protection playbooks
· Identify opportunities to improve existing monitoring and response processes
· Collect and analyze event metrics for DLP KRI/KPI metric reporting
Nice to Have:
· Experience with process automation and one or more programming/scripting languages (Python, etc)