Description and details of the activities
- Continuous monitoring of the security events reported by the tools deployed in the SOC.
- Analysis, logging and assignment of security events.
- Classification of security events.
- Escalation of detected threats to Level 2.
- Follow-up on reported security threats and incidents, and preparation of a report once their handling is complete.
- Applying the management process to incidents indicated by Level 2.
- Creation of custom dashboards for specific alerts, reports or monitoring.
- Keeping all security events and incidents classified, reported (where applicable), assigned and handled.
- Carrying out the follow-up, management and control processes for critical assets.
*If Tier 2* - Azure Sentinel content - investigation of incidents escalated by Level 1.
Experience and requirements
- Experience in information security or a related field.
- Experience with computer network penetration testing and techniques.
- Understanding of firewalls, proxies, SIEM, antivirus, and IDPS concepts.
- Ability to identify and mitigate network vulnerabilities and explain how to avoid them.
- Manage, monitor and optimize Azure Sentinel, MCAS, Defender Security Center, Intune, and other Microsoft security platforms.
- Analyzing requirements for security tools and technology (SIEM, endpoint protection, vulnerability management, DLP, perimeter security, DDoS, other).
- Receives security incident alerts from the Tier 1 junior analysts and performs in-depth security incident analysis.
- Correlates with threat intelligence sources to identify the threat actor and determine the origin of the incident.
- Implementing SOAR and other automation qualifications and capabilities.
- Providing direction and guidance on customer security requirements and standards for monitoring, alerting and incident response.
- Identifying the strategy for containment, remediation steps and recovery procedures.
- Identifying new security threats by conducting continual monitoring, security testing, vulnerability assessments and log analysis.
- Conducts system containment, remediation steps and recovery procedures.
- Uses threat reporting and/or the hypothesis-driven method to create, scope and execute threat hunts.
- Performs endpoint, network and Azure log analysis, correlating events in both proactive hunt activities and reactive response.
- Searches for, identifies and documents cyberthreats and risks hidden from existing detection logic, analytics, and machine learning.
- Analyzes and catalogues findings with respect to tactics, tools, and procedures (TTPs), behaviors, goals, and methods.
- Assists in organizing findings into reports with the goal of identifying and informing readers of environmental and organizational threat trends.
Organization
kmicro
Sector
IT
Main activity
Information security
Number of employees
100
*Area* Systems
*Contract* Permanent
*Shift* Day
*Working hours* Full time
*Monthly salary* $40,000 - $75,000 MXN
*Education* Technical degree
*English* spoken: 75%, written: 75%
*Gender* Any
*Age* 18 - 65 years