Secureworks Japan - Splunk Security Advisor
This role will function as a SOC Analyst. You will receive alerts and respond to activity within the client's environment detected by the client’s security controls, enhanced by SecureWorks’ threat intelligence, and correlated in the client’s Splunk SIEM as Splunk Notable Events and also from client’s security ticketing system. In this position you will be responsible for investigating alerts, determining the source of the threat, the extent to which client assets have been compromised, making recommendations for remediation, and assisting in the implementation.
The responsibilities of this role include:
・Performing daily operational 'eyes on glass' real-time monitoring and analysis of security events from multiple sources including but not limited to events from Splunk SIEM tools, client ticketing system, network and host-based IDS, firewall logs, system logs (Unix & Windows), mainframes, midrange, applications and databases.
・Collaboration with the client’s Line of Business technical teams for issue resolution and mitigation.
・Documentation of actions taken for audit, regulatory and legal purposes within approved event tracking system.
・Use knowledge of client’s security controls to initiate further research and analysis on events including platforms such as: Symantec DLP & Office 365 DLP, Skyhigh, BlueCoat Security Analytics (Solera), Suricata, TippingPoint, Incapsula, Palo Alto, Attivo, Invincea, Symantec CSP, Splunk, Agari, ProofPoint, InfoBlox, Symantec Endpoint Protection, ForeScout, etc.
・Routinely interact with vulnerability and threat management teams and incorporate feedback into information security applications (for example Qualys).
・Work a shift-based schedule in a security operations environment.