Kevin W.

• Analysis and processing of security alerts and incidents

• Implementation of new SIEM rules and improvement of existing rules

• Implementation of a dashboarding environment for alert piloting and monitoring, and KPIs for reporting

• Participation in documentation writing (bluebooks, procedures) for the SOC Technical environment & Tools: Cybereason EDR, Splunk ES, Varonis, Defender M365, The Hive, Jira, SAM/Oxygen, Orion

• Perform benchmarks of security solutions

• Proposal and analysis of products through POCs

• Deployment and administration of the solution

• Monitoring and management of project progress

• Participation in incident processing and threat hunting Technical environment & Tools: WithSecure, Cortex XDR, Varonis, RIOT, Olfeo, Tyrex/Malware Cleaner, Vade for M365, Stormshield, Wallix, BigFix, Azure AD

• Analysis and qualification of security alerts reported by SOC tools

• Participation in incident processing and threat hunting

• Regular monitoring of new attacks and detection methods

• Continuous improvement of activities (reference sheets, procedures, tools, organization)

• Reporting of operational activity Technical environment & Tools: Qradar, SOAR IBM, Sentinel, Azure, Defender, WAZUH, Qualys, Bitsight, Nexthink, Ambionics, CybelAngel, Infoblox, OpenCTI, Matrix, ServiceNow, MITRE, Netskope, SentinelOne