• Monitor and detect threats and incidents. • Review the latest alert to determine relevancy and urgency.• Investigate events, diagnose and triage the incident.• Perform cyber security incident investigation and analyze by logging into other security tools.• Perform incident correlations to determine whether the incident is propagating.• Engage with Threat Intelligence team to collect additional information on the threat or malware.• Perform root cause analysis (RCA) and remediation activities.• Perform the triage for all incident tickets and escalate the incident to the next level.• Coordinate with SOC Tier 2 analyst for advanced investigation and response procedures.• Develop custom ad-hoc reports for Security Incident Response Manager.• Manage incident level severity 4(Low) and work with SOC Tier 2 on severity 3 (Minor)

- Perform proactive monitoring for security log events for customers in 24x7 mode.(Splunk, SIEM, TrendMicro (EDR/IPS/etc) and others 3rd Party software)- Escalate validated and confirmed incidents to designated incident response team.- Notify Client of incident and required mitigation works.- Fine-tune SIEM rules to reduce false positive and remove false negatives / analysis and response to previously unknown hardware and software vulnerabilities.- Collect global threat intelligence and internal threats then inject actions based on analysis and recommendation.- Provide advisories and threat intelligence based on new trends, threats, emerging campaigns, malicious attacks, hacker group.- Proactively research and monitor security information to identify potential threats that may impact the organisation.- Develop and distribute information and alerts on required corrective actions to the organisation.- Learn new attack patterns, actively participate in security forums.- Understand the structure and the meaning of logs from different log sources such as FW, IDS, Windows DC, Cisco appliances, AV and antimalware software, email security etc.- Perform threat intel research.- Track and update incidents and requests based on client’s updates and analysis results.- Investigating, documenting, and reporting on any information security (InfoSec) issues as well as emerging trends.- Assist the Level 2 with monthly and ad-hoc reporting - responsible for completing statistical and status reports, as well as providing fast and timely responses.- Perform as an escalation point for all incidents relating to potential security