Description:
Responsibilities:
- Advanced IR: Leading the containment and eradication of high-severity incidents.
- Digital Forensics: Performing memory, disk, and network forensics to identify "patient zero" and the extent of a breach.
- Malware Analysis: Conducting static and dynamic analysis of suspicious files and scripts.
- Threat Hunting: Proactively searching for hidden indicators of compromise (IOCs) using the MITRE ATT&CK framework.
2. Security Engineer (QRadar, CrowdStrike, Purview)
This role is focused on the engineering and administration of the security stack, ensuring the tools are tuned and integrated.
Responsibilities:
- Integration: Automating workflows between QRadar (SIEM) and CrowdStrike (EDR) via APIs.
- Policy Management: Designing and enforcing data protection rules in Purview.
Platform-Specific Skills Required:
- IBM QRadar: Writing AQL queries, developing custom Log Source Extensions (LSX), and tuning correlation rules to reduce false positives.
- CrowdStrike (Falcon): Managing sensor deployment, configuring prevention policies (EDR/EPP), and utilizing Real-Time Response (RTR).
- Microsoft Purview: Implementing Data Loss Prevention (DLP) policies, sensitivity labels, and eDiscovery across the O365/Azure environment.