JOB RESPONSIBILITIES/PROJECT TASKS
Monitor the SIEM and other network security devices for alerts
Investigate alerts using available tools, including Netwitness, log reports, open-source intelligence, and past incidents
Provide incident reports and recommendations for review and approval
Record incident details, issue remediation tickets to the appropriate departments, and track them to completion
Process threat reports, search for IP/domain hits, record results, and perform remediation tasks where required
Monitor the status of equipment and log feeds, and notify management and engineering of any problems
Perform automated or manual malware analysis; identify malware types, families, and callouts
Perform malware reverse engineering; identify shellcode, malware/backdoor relationships, and ongoing changes
Provide in-depth analysis reports, including encoding methods and decoders for analyzing beacons
Provide signatures and indicators based on the analysis
Upload signatures to the appropriate devices, then test and monitor them for effectiveness and false positives
Review and approve analysis reports and recommendations from analysts
Record analysis details, samples, and work products
Develop new methods for detecting malware and its carriers
Monitor open-source intelligence and create new threat reports