Responsibilities:
- Maintain documentation
- Support enterprise logging and analysis solutions
- Analyze log files for suspicious activity
- Analyze event data for suspicious patterns
- Analyze log sources, assess threats, and define alerting criteria
- Develop log policies by creating rules, setting thresholds, and prioritizing alerts based on impact and urgency
- Work with Incident Response Engineering to configure data ingestion, detection rules, and fine-tune detection
- Work with CIRT to configure incident creation, explore opportunities to enrich incident data, and assign incidents to CIRT teams
- Review policies regularly, address false positives/negatives, and stay updated on technology
- Data extraction
- Reporting
Desired Skills (familiar):
- MySQL
- Anvilogic
- FluentBit