Responsibilities

1. Real‑Time Triage & Investigation
   • Monitor SIEM, EDR & XDR dashboards to identify and validate security events in real‑time.
   • Perform deep‑dive analysis on suspicious activity using logs, telemetry, and threat intelligence.
   • Exercise investigative autonomy: Move beyond the initial alert to determine the full scope and blast radius of a threat.
   • Follow established playbooks & runbooks for incident handling and escalation.
   • Correlate logs from multiple sources to verify incidents.
2. Playbook Execution & Creation
   • Strictly follow established SOPs and Playbooks to ensure consistent incident handling.
   • Playbook Authoring: Identify gaps in current processes and draft new playbooks to automate or standardize responses to emerging threats.
   • Continuously tune and refine existing alerts to reduce false‑positive rates (FPrate).
3. Incident Documentation & Escalation...