It Security Specialist 4
Current- Developed, implemented, and manages the enterprise-scale incident response capability to detect, respond to, investigate, and remediate security incidents.- Perform incident response (both reactive and proactive incident management) related to security events to include, but not limited to: live response, system triage, memory forensics, network forensics, digital forensics, malware analysis, and incident management program development.- Designed, implemented, and manages the SIEM system for detecting malicious threats within and against the organization's network.- Perform security event analysis for various attacks such as: end point compromises, compromised accounts, malware, and web application/server attacks.- Aggregate threat indicators from multiple sources including internal ones and convert them into comprehensive SIEM rules and queries for malicious activity.- Trains computer security incident response team (CSIRT) members on: incident response activities, security monitoring, digital forensics, malware analysis, and investigative methodologies.