Job description
Responsibilities:
1. Real-time monitoring and alert handling
- Monitor security alerts around the clock (24/7) in SIEM, EDR, and NDR platforms, and perform initial triage: validate each alert and classify it by type and severity.
- Handle common alerts (such as brute-force attacks, malware, abnormal logins, and API anomalies) according to the standard operating procedures (SOPs).
- Accurately record alert details, handling steps, and investigation results so that the case record is complete and traceable.
2. In-depth investigation and incident response
- Conduct in-depth investigations of complex alerts or suspected intrusion incidents, analyzing host, network, and application logs to locate the source of attacks and the affected scope.
- Participate in incident response, assisting with threat containment, eradication of malicious artifacts, system recovery, and writing the incident analysis report.
- Collaborate with second-line analysts and blockchain forensics teams to address security incidents involving on-chain assets.
3. Threat detection optimization
- Continuously tune detection rules and alerting strategies based on observed attack techniques and threat intelligence, reducing false positives without losing coverage.
- Participate in threat hunting activities to proactively discover unknown threats and abnormal behavior patterns.
4. Cross-department collaboration
- Maintain communication with IT operations, development, and risk control teams to ensure smooth incident response processes.
- Participate in internal red-blue exercises, phishing simulations, and other security tests to enhance the team's practical capabilities.
Skill Requirements:
Basic experience: 1-3 years of experience in security operations, security analysis, or related positions, with a preference for those with SOC work background.
Technical skills:
- Familiarity with mainstream security tools (such as Splunk, ELK, CrowdStrike, SentinelOne, etc.).
- Basic understanding of Windows/Linux system log analysis and network traffic analysis.
- Knowledge of common attack techniques (such as web application attacks, phishing, ransomware, privilege escalation).
- Basic scripting ability in at least one scripting language (Python/PowerShell) to automate simple tasks.
Security mindset: Good analytical skills and logical thinking, able to quickly get to the root of a problem.
Communication and collaboration: Ability to clearly document and report incidents, and work efficiently with team members.