Key Responsibilities
- Network Monitoring & Intrusion Detection: Perform analysis using defense tools including IDS/IPS, firewalls, and host-based security systems.
- SIEM Operations (Elastic SIEM): Use Elastic SIEM to correlate events, identify indicators of compromise, and produce actionable intelligence for response.
- Threat Detection Engineering (Analyst-led): Implement and improve log-based and endpoint-based detection strategies; validate detections and recommend tuning based on outcomes.
- Content Development: Develop and tune SIEM content such as detection rules, machine learning rules, dashboards, and visualizations aligned to customer requirements.
- Activity Correlation: Correlate data across network, cloud, and endpoints to identify attacks and unauthorized actions.
- Alert Management & Reporting: Triage alerts from SIEM and other sensors; document incidents with clear technical reporting and recommendations.
- Threat Research: Investigate emerging threats and vulnerabilities to enhance detection and incident identification processes.
- Phishing Analysis: Analyze phishing submissions and recommend appropriate response actions.
- Incident Response Support: Support containment and mitigation activities; contribute to root cause analysis and corrective actions.
- Automation & Integrations: Create or maintain scripts (Python/PowerShell) for investigation support, enrichment, and workflow automation; help integrate telemetry sources into Elastic as needed.
- Customer Training & Enablement: Provide training to customer teams on SIEM usage, detection capabilities, investigation workflows, and security best practices to drive long-term operational success.
- Operational Excellence: Contribute to documentation (runbooks, detection standards, triage playbooks) and continuous improvement of SOC workflows.
Desired Skills
- Prior experience working in a Security Operations Center (SOC)
- Experience with EDR, SIEM, SOAR, and ticketing tools
- Familiarity with threat actor tactics, techniques, and procedures (TTPs)
- Familiarity with cloud environments (AWS, Azure, GCP) and related security telemetry
- Experience supporting Elastic observability data (logs, metrics, traces) for investigations
- Certifications such as CISSP, CEH, GCIH, Elastic Certified Analyst, or equivalent
- Entry-level cybersecurity certifications (A+, Net+, Sec+, GSEC, etc.)
Seeking a responsible and attentive babysitter to care for an 8-year-old boy and a 12-year-old girl on Friday, July 3, 2026, from 8:00 AM to 8:00 PM in Atlanta, GA. The ideal candidate will engage the children in activities and ensure their safety throughout the day. No...
...Accucare Nursing and Home Care is currently hiring nurses to join our team of dedicated and passionate healthcare professionals. We have openings for several 1:1 nursing positions in various counties. Our passionate and talented team members have made The Accucare...
...Queen brand and delivering exceptional customer (fan) service. Management roles at Dairy Queen are responsible for managing dining room and... ...members May assist the GM in some assigned aspects of local store marketing activities and projects such as public and community...
We are looking for an Experienced Service Technician to join our Team. We are an established company with solid growth and are placed firmly within the market. Perks: With a solid customer base. Offering competitive pay structures. Excellent work environment...
.... We have multiple locations. We pride ourselves on team work and delivering quality products and services. * We are looking for a Medical Office Coordinator to work in our West County Medical Office. Training will be done at the office in Creve Coeur. Job duties include...