Experience:
3-5 years of experience preferred
Required skills:
- Critical thinking and analysis
- Strong sense of ownership
- Highly curious
- Fascination with big airplanes and travel
- Able to work independently with minimal direction
Responsibilities:
- Maintain documentation
- Support enterprise logging and analysis solutions
- Analyze log files for suspicious activity
- Analyze event data for suspicious patterns
- Analyze log sources, assess threats, and define alerting criteria
- Develop log policies by creating rules, setting thresholds, and prioritizing alerts based on impact and urgency
- Work with IR Engineering to configure data ingestion, detection rules, and fine-tune detection
- Work with CIRT to configure incident creation, explore opportunities to enrich incident data, and assign incidents to CIRT teams
- Review policies regularly, address false positives/negatives, and stay updated on technology
- Data extraction
- Reporting
Desired Skills (familiar):
- MySQL
- Anvilogic
- FluentBit