Hands‑on experience with IDS/IPS platforms, specifically Cisco Firepower and TippingPoint, including signature tuning, false‑positive reduction, and threat‑driven detection improvements.
Advanced packet capture (pcap) and network analysis skills using Corelight, NetWitness, and CRIBL pipelines to identify anomalies, malicious traffic, and lateral movement.
Experience maintaining and tuning EDR platforms, including CrowdStrike Falcon and SentinelOne, and integrating EDR telemetry into SIEM and orchestration workflows.
Threat intelligence application expertise
Develop detection logic aligned with adversary TTPs
PREFERRED
Experience operationalizing threat intelligence by converting indicators and TTPs from Recorded Future, ThreatMon, GreyNoise,
Google Threat Intelligence, VirusTotal, and Mandiant into SIEM rules, IPS signatures, and automated enrichment logic.
Perform packet-level analysis to validate alerts and identify malicious activity
Serves as an escalation point for SOC analysts, supporting other SOC analysts and incident responders with enriched network-level intelligence
Proficiency with Google SecOps and Cyware (SOAR) orchestration, including building automated workflows that integrate SIEM, IDS/IPS, EDR (CrowdStrike, SentinelOne), threat intelligence, and Jira ticketing for SOC automation