Security Operations

Role & Reponsibilities of Security Operations

• Monitoring security alerts and events that come from all assets and applications on both the commercial and corporate environments
• Identifying and onboarding log sources that need to be onboarded to the SIEM for aggregation and alerting – normally includes working with other teams (DevOps, Ops, Dev, IT) to obtain logs and onboard them
• Identifying and documenting use cases/alerts that need to be configured in the SIEM or other security controls
• Responding to security incidents following incident response playbooks for each incident type, and following Incident Response Plan
• Manage network vulnerability scans of both the commercial and corporate environment
• Ensure all environments are being scanned those vulnerabilities are getting to the right teams (DevOps, IT, Ops, etc.) to get remediated governing the remediation of discovered vulnerabilities to ensure vulnerabilities are remediated in a timely manner (we have SLAs on time to patch based on criticality)
• Manage cloud security posture management (CSPM) tool(s) to audit cloud infrastructure security and ensure findings are remediated.

Required Key Skillsets

• DevOps
• Operations
• IT & Admin Security