2 of 2 Incident Response Jobs in Erskine

+Linux +Networking The role: Conduct escalated triage and analysis on security events identified by Tier 1 Analysts, determining threat severity and advising on initial response actions. Apply expertise in SIEM solutions utilizing Kusto Query Language (KQL), to perform log analysis, event correlation, and thorough documentation of security incidents. Identify … and escalate critical threats to Tier 3 Analysts with detailed analysis for further action, ensuring rapid response and adherence to service Tier objectives (SLOs). Investigate potential security incidents by conducting deeper analysis on correlated events and identifying patterns or anomalies that may indicate suspicious or malicious activity. Use … Monitor the threat landscape and document findings on evolving threat vectors, sharing relevant insights with CTAC teams to enhance overall situational awareness. Follow established incident response playbooks, providing feedback for enhancements and suggesting updates to streamline CTAC processes and improve threat response times. Coordinate with Tier More ❯

requirement for this role. Job Functions: Drive technical and architectural improvements of the ArcSight SIEM managed service and related tools. Manage operations involving support, incident response, and change control. Handle version management to ensure appropriate ArcSight version levels within vendor support. Develop and update use case content. Onboard More ❯