
Responsibilities:
Incident Response & Coordination
- Lead and manage end-to-end incident response activities, including detection, analysis, containment, eradication, and recovery.
- Act as the primary liaison between internal stakeholders and external SOC teams during security incidents.
- Validate and triage alerts received from the SOC, ensuring completeness and accuracy of analysis.
- Conduct root cause analysis and post-incident reviews to identify gaps and recommend improvements.
- Maintain incident documentation, timelines, and evidence for compliance and audit purposes.
Splunk SIEM BAU (Business-as-Usual) Tasks
- Develop and maintain correlation rules, dashboards, and alerts to improve threat detection.
- Perform regular health checks and tuning of Splunk to ensure optimal performance.
Collaboration & Reporting
- Collaborate with IT, network, and application teams to investigate and remediate incidents.
- Provide timely and detailed incident reports to management and stakeholders.
Qualifications:
- Bachelor's degree in Cybersecurity, Information Technology, or related field.
- 3+ years of experience in cybersecurity operations or incident response.
- Hands-on experience with Splunk SIEM (Enterprise Security preferred).
- Strong understanding of network protocols, operating systems, and threat vectors.
- Familiarity with MITRE ATT&CK framework and threat intelligence integration.
- Excellent communication and documentation skills.
- Ability to work under pressure and manage multiple incidents simultaneously.
- Experience working with outsourced SOC or MSSP environments.
- Experience with other security tools (EDR, NDR, SOAR, vulnerability scanners).
Job ID: 135136891