- Continuously monitor and triage security alerts across endpoint, network, identity, and cloud telemetry.
- Investigate alerts to determine severity, scope, and whether activity is benign, suspicious, or malicious; escalate per documented procedures.
- Perform initial incident response support activities such as evidence collection, timeline development, and basic containment recommendations under supervision.
- Use SIEM, EDR, NDR/NSM, and SOAR platforms to detect, investigate, and respond to threats.
- Leverage threat intelligence and common frameworks (e.g., MITRE ATT&CK) to enrich investigations and communicate attacker behavior clearly.
- Thoroughly document work in case management systems, including investigation steps taken, evidence reviewed, decisions made, and recommended next actions.
- Communicate status and findings to internal leadership and clients with professionalism and clarity (written and verbal).
- Contribute to continuous improvement by identifying recurring false positives/noisy alerts and providing feedback for tuning and playbook updates.
- Maintain proficiency through required training, labs, and knowledge sharing; follow policies to protect confidential information.
Python