Augment their Global Security Fusion Center (SOC) Incident Handling team to investigate alerts and mature documentation
Level/Title Needed:
L3 SOC Analyst, SOC Manager
Job Description:
8+ years of security experience in a SOC or as an incident responder. GCIH certification highly desired. Experience performing incident handling in IBM QRadar.
The resource will be responsible for creating and documenting the technical, step-by-step process for handling incidents from alerts that come into the SOC.
Qualifying Questions:
Are you familiar with the MITRE ATT&CK framework? Have you worked in SOCs with tens of incident handlers?
Can you both define and document the low-level technical process and checklists that an L1 or L2 incident handler should follow for a given security monitoring use case?