Soc Analyst (Tier 2)
Current- Debugging rules, creating and testing new ones and making small tweaks (edit parser, automated statistics information gathering) in SIEM QRadar.- Investigation of more complex cases escalated from Tier 1, reporting, mitigations development for similar cases.- Incident response (blocking IOCs, isolation of compromised hosts etc).- Using MS Security tools (Defender for Identity, O365 Security Center etc) for invistigations and response.- Tier 1 Analysts mentoring.