Role Description:
The Threat Expert (L3) position at SoftwareOne is a key role in resolving complex security incidents. SoftwareOne Security Services enable highly effective and cost-efficient security solutions that help our customers maximize their software portfolio investments.
The main responsibilities:
- Monitor SIEM notables and analyze system logs and other data sources to identify potential security incidents.
- Investigate alerts and suspicious activity to determine if an incident has occurred.
- Contain affected systems and networks to prevent the incident from spreading.
- Implement temporary measures to mitigate the impact of the incident.
- Work with other teams, such as IT, Cloud and Security Operations, to develop and implement a containment strategy.
- Carry out the whole incident response process, from preparation through to lessons learned and writing the final report: obtaining evidence in collaboration with users, sysadmins, network admins and cloud admins; performing malware analysis; performing forensic analysis on demand; and educating users about threats and incident causes.
- Analyze incident data to determine the root cause of the incident and identify recommendations for improvement.
- Document and report incidents to all the other relevant stakeholders.
- Develop and implement security plans, policies, and training to prepare the organization to respond efficiently and effectively to cyber threats.
- Develop, revise and maintain Alert Response Procedures (ARPs), Standard Operating Procedures (SOPs) and Working Instructions of the CDC to a high standard, and support and train Level 1 / Level 2 Analysts.