Lokalita: Czech Republic, Slovak Republic
Typ: plný úväzok
Sektor: IT a Telekomunikácie
Úroveň pozície: Specialist
Plat: 5000 EUR Gross.
As a Senior Security Operations Center Analyst, you will support the Incident Response Team monitoring and responding to security events. In this position, you will perform tasks like; monitoring, research, classification and analysis of security events that occur on the network or endpoint.
- Monitor SIEM, EDR, and other security tools for detection and identification of security events
- Document security investigations in a clear and consistent manner, often based on incident tickets created by EDR or SIEM
- Develop new use cases for security alerts, playbooks and also training on alerts
- Tune existing use cases to improve accuracy
- Tune endpoint and network security tools as needed, understand their configuration and settings options
- Perform threat hunting to identify potential security threats
- Perform vulnerability and threat intelligence research for specific type of attacks
- Review threat intelligence reports, ability communicate TTPs (Techniques, Tactics, and Procedures) to clients and prospects
- Ability to work after hours if needed, and understand 24/7 operations with add hoc support
- Perform security anomaly and incident detection
- Investigate, contain, and resolve security anomalies and events
- Perform threat actors attribution, understanding of criminal and nation states groups
- Identification of likely threat vector for security incidents, root cause analysis in EDR and SEIM
- Be able to use scripts to automate and correlate events, such as python and PowerShell
- Generous PTO
- Paid cyber education courses and certifications
- Paid Company Holidays
- Paid Sick Time
- Gym membership reimbursement
- Company phone
- Numerous company-sponsored events and team building.
- Minimum 3 years experience of combined SOC and Threat Hunting, working in SOC team, threats and vulnerability management, security operations and engineering or hunt
- Experience working with multiple SIEM, EDR, Log Aggregators, and Incident Response Management solutions
- Strong technical knowledge of Networking, Operating Systems and enterprise integrations
- Firm understanding of the security incident lifecycle
- Thorough understanding of TCP/IP
- Understand IDS / IPS rules to identify and/or prevent malicious activity, such as memory injections
- Basic knowledge of forensic methodologies and best practices to investigate intrusions, preserve evidence and coordinate a unified security response
- Basic knowledge of malware analysis
- Understanding of Packet Analysis (PCAP) and Packet Analysist software
- Familiarity with Database (Oracle, MSSQL, MySQL)
- At least one of the following certifications: CEH, CEPT, GPEN, OSCP, GWAPT, GSEC or GIACs.
- Experience with Python, PowerShell, and API programming
- Understanding of the VERIS and MITRE ATT&CK frameworks is a plus
- Confident and dynamic personality
- Desire to collaborate with team and work independently
- Ability to work under strict deadlines
- Strong communication skills
A global leader in Incident Response, Digital Forensics, Penetration Testing, Ransomware Mitigation, and Cyber Resiliency Services. The company experience spans decades working on high profile cases in coordination with Law Enforcement Agencies around the world.
Their best-in-class methodology builds on experience working with US Intelligence Agencies, US Secret Service, FBI, DHS, Interpol, Europol and NATO.
The company experts have been recognized with numerous awards, including being the winning team of Locked Shields, the world’s largest and most advanced international live-fire cyber defence exercise organized by NATO CCD COE in 2016.