1 TSYS Way, Building C, 1st Floor, Columbus, GA 31909
- Develop correlation rules and playbooks within Splunk, UBA, and Phantom SOAR Platforms to meet the overall objectives.
- Develop SIEM, UBA, and Orchestration automation to process events for threat identification and alert generation in a shared environment.
- In conjunction with Threat Hunting and Threat Intelligence teams, analyze the signatures cyber attackers leave behind throughout a network and develop SIEM rules to detect future intrusions.
- Conduct open-ended analysis of large data sets to establish network activity baselines and identify abnormalities.
- Research and deconstruct cyber-attacks into sequenced Indicators of Compromise (IOCs) detectable through network device logs.
- Conduct research in security principles, host- and network-based security technologies, machine learning algorithms, and attack and mitigation methods.
- Test rules in a lab environment using penetration testing tools.
- Clearly and effectively document your work so that multiple audiences understand how to use it.
- Develop and mature strategic enterprise logging policies to conform to financial sector compliance requirements.
- Work directly with affiliates and internal business partners to gather initial monitoring requirements for integration into security monitoring platforms.
- Work on multiple projects concurrently, monitor the status of integration tasks, and escalate issues when appropriate.
- Identify gaps in mitigation efforts and assess compliance areas.