• Monitor, detect, and analyze security events across SIEM, EDR, and network monitoring platforms.
• Investigate security alerts to identify potential threats, intrusions, and anomalies.
• Develop and fine-tune detection rules, correlation logic, and threat-hunting use cases.
• Perform proactive threat hunting using intelligence feeds, logs, and behavioral analytics.
• Conduct root-cause analysis of incidents and recommend mitigation or preventive measures.
• Collaborate with incident response teams to contain and remediate threats.
• Maintain and improve detection coverage across endpoints, servers, and cloud environments.
• Integrate new data sources into SIEM and ensure quality of security telemetry.
• Analyze malware indicators, phishing attempts, and adversarial tactics (MITRE ATT&CK mapping).
• Prepare incident reports and maintain accurate SOC documentation.
• Support red/blue/purple team exercises and continuous improvement initiatives.
• Contribute to automation of detection and response workflows (SOAR integration).