Previous Job
SIEM Tier II Triage/Response
Ref No.: 17-00216
Location: Rochester, Minnesota
Position Type:Contract
Start Date: 07/10/2017
SIEM Tier II Triage/Response
Rochester, MN

•    Work with Cloud Provider (AWS, Azure, etc.) personnel, toolkits, on incident investigation and response.

•    Provide incident handling and incident documentation for Sev 2 and 3 incidents.

•    Provide initial investigation of Sev 2 and 3 security incidents.

•    Perform analysis of log files.

•    Provide Technical escalation point for Tier I (Security Incidents, 
•    Security Alerts & response to General Inquiries that require security, risk, privacy, or threat input).

•    Manages and assures threat feeds are received, aggregated, reviewed, tickets and acted upon accordingly.

•    Feeds data back to threat feed sources where appropriate of new threats found during internal investigations.

•    Takes an active part in the containment of incidents, even after they are escalated.

•    Documents remediation required based on input during incident handling or vulnerability identification.

•    Opens and tracks tickets for remediation of issues found during an incident or vulnerability that is required to facilitate a closed loop process. 
•    Manage whitelist and black list in SIEM and disseminates to appropriate operators for tool policy updates or setting updates in security tools. 
•    Issue documentation and proactively contacts system asset owners when an incident is resolved to ensure that remediation steps are understood and remediation time line is committed in ticket. 
•    Review daily and weekly metrics for security and vulnerability incidents. 
•    Escalating issues to Tier III or Manager when necessary. 
•    Contribute knowledge base article submissions.