Associate Engineer, Incident Response
Current• Evaluate escalated security events and coordinate with engineering team to improve detection and response.• Perform phishing review for user submissions and remediate users found at risk.• Utilize Splunk SIEM to conduct searches and create dashboards using advanced Splunk Processing Language (SPL).• Investigate anomalous activity using endpoint detection (EDR) software such as Crowdstrike.• Generate leads on and perform threat hunts to reduce dwell time and identify areas of detection.• Coordinate with engineering and threat intelligence teams to create and modify Splunk dashboards.