SOC Security Analyst with proven expertise at Hitachi Sunway Information Systems, adept in security information and event management. Skilled in developing detection rules and producing insightful reports, I excel in teamwork and possess strong attention to detail, ensuring effective incident response and an enhanced security posture.
1. Manage RSA Netwitness Platform & Components and other related software.
2. Perform the same role for other related software or tools that the company may adopt from time to time.
3. Coordinate and conduct event log source collection, log management and event management.
4. Ensure event logs flow from various servers, security devices and appliances to the SIEM system.
5. Research, analyze and understand common and complex log sources.
6. Work with the Security Analyst to identify content improvement opportunities.
7. Perform analysis and correlation of events of interest to identify and detect potential security incidents.
8. Develop detection rules to support alert and response capabilities for SOC services.
9. Manage and produce weekly, monthly and quarterly reports for customers.
1. Maintain related IT records so they remain updated and easily accessible.
2. Utilize office appliances such as photocopiers, printers and computers.
3. Undertake basic bookkeeping tasks, issue invoices, etc.
4. Assist in office management and organization procedures.
5. Provide desktop support to internal staff and troubleshoot problems involving office equipment, such as computer hardware and software.
6. Assist the supervisor in preparing IT-related reports and statistics.
7. Generate a task summary in Power BI every month.
1. Assist in the alert handling process and documentation updates. This is the process of identifying any security incident or alert that the customer needs to be informed about, by monitoring the dashboard and log activity in QRadar.
2. Perform hands-on security investigation of security event alerts and escalate any security incidents or alerts that have the highest occurrences based on the log source and event name. Cases that have already been sent must be managed and followed up with the client, providing remediation for open security event cases.
3. Monitor malware callback events in FireEye. In order to determine the victim hostname, I have to filter the IPs involved against the DHCP log source in QRadar, since all the events from FireEye will go through DHCP first.
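The third duty above describes a common SOC correlation: a malware callback event from a network sensor only carries a source IP, and the DHCP log source is what maps that IP back to a hostname at the time of the event. The following is an added example, not code from the CV's author or from FireEye/QRadar/Hitachi Sunway, showing the logic that correlation has to get right. The event and lease records are constructed sample data with hypothetical field names; real FireEye and DHCP log formats differ. The point it demonstrates is that the lease must be the most recent one at or before the event time, because a DHCP address can be reissued to a different host later, and naively picking "any lease for this IP" blames the wrong machine.

```python
from datetime import datetime
from typing import Optional

# Constructed sample DHCP lease events (hypothetical fields, not real QRadar data).
# Each record is the moment an IP was handed to a host.
DHCP_LEASES = [
    {"time": "2024-03-01T08:00:00", "ip": "10.0.5.23", "hostname": "WS-FINANCE-07"},
    {"time": "2024-03-01T12:30:00", "ip": "10.0.5.23", "hostname": "WS-HR-02"},  # same IP reissued
    {"time": "2024-03-01T09:15:00", "ip": "10.0.5.40", "hostname": "WS-SALES-11"},
]

# Constructed malware callback events in the shape a network sensor might emit
# (source IP and callback destination only, no hostname).
CALLBACK_EVENTS = [
    {"time": "2024-03-01T10:05:00", "src_ip": "10.0.5.23", "dst": "198.51.100.7"},
    {"time": "2024-03-01T13:00:00", "src_ip": "10.0.5.23", "dst": "198.51.100.7"},
    {"time": "2024-03-01T09:00:00", "src_ip": "10.0.5.40", "dst": "203.0.113.9"},  # before any lease
    {"time": "2024-03-01T11:00:00", "src_ip": "10.0.5.99", "dst": "203.0.113.9"},  # no lease at all
]


def parse_ts(ts: str) -> datetime:
    return datetime.fromisoformat(ts)


def resolve_hostname(src_ip: str, event_time: datetime, leases) -> Optional[str]:
    """Return the host that held src_ip at event_time.

    Picks the latest lease for that IP whose start is at or before the event.
    Leases that start after the event are ignored, so a later reassignment of the
    same IP never masks the original victim. Returns None when no lease covers the event.
    """
    best = None  # (lease_start, hostname)
    for lease in leases:
        if lease["ip"] != src_ip:
            continue
        start = parse_ts(lease["time"])
        if start <= event_time and (best is None or start > best[0]):
            best = (start, lease["hostname"])
    return best[1] if best else None


def enrich_callbacks(events, leases):
    """Attach a 'hostname' field to each callback event (None if unresolvable)."""
    enriched = []
    for ev in events:
        host = resolve_hostname(ev["src_ip"], parse_ts(ev["time"]), leases)
        enriched.append({**ev, "hostname": host})
    return enriched


def victims_by_host(events, leases):
    """Summarise callback counts per resolved hostname; unresolved IPs are grouped under 'UNRESOLVED'."""
    counts = {}
    for ev in enrich_callbacks(events, leases):
        key = ev["hostname"] or "UNRESOLVED"
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    for ev in enrich_callbacks(CALLBACK_EVENTS, DHCP_LEASES):
        print(f'{ev["time"]} {ev["src_ip"]} -> {ev["dst"]}  host={ev["hostname"]}')
    print(victims_by_host(CALLBACK_EVENTS, DHCP_LEASES))
```

Events that come back as unresolved are worth a second look rather than being dropped: an IP with no lease record may be a static address, a host outside DHCP scope, or a gap in log collection, each of which needs a different follow-up.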
Security information and event management
Team collaboration
Attention to detail
Multitasking
Time management
Self-motivation
Teamwork and collaboration
Reporting and documentation
Vulnerability assessment
CEH - Certified Ethical Hacker