Incident Responder

As a SOC Cybersecurity Incident Responder, you are a highly technical, seasoned security professional with a complete, detailed understanding of incident response, the cybersecurity domains and today's threats, and several years of continuous experience immersed in Security Operations culture in enterprise or Managed Security Services CSIRT, CERT and IR teams. You will work closely with our passionate team of professionals: Security Threat Analysts, fellow Security Incident Responders, Threat Detection and Intelligence Experts, Security Architects, Engagement Managers and Software Architects. You will report to the Manager of the SOC Incident Response Team.

What will be your key responsibilities:

  • Performing deep-dive incident analysis by correlating data from various sources
  • Determining if a critical system or data set has been impacted
  • Advising the Customer and internal Teams on threat remediation
  • Providing support for new analytics methods for detecting threats
  • Performing Emergency Incident Response activities

What experience should you have:

For an ideal SOC Incident Responder candidate:
  • Degree in Information Technology
  • 4-8 years in Cybersecurity and SOC / CSIRT/ CERT Environments
  • Good understanding of the Cyber Kill Chain and the MITRE ATT&CK matrix
  • Good understanding of Cyber Security perimeter technologies
  • Good understanding of Defense in Depth
  • Deep understanding of security telemetry sources and analysis
  • Experience with the security services of cloud providers - Microsoft Azure, AWS, IBM Cloud
  • Deep experience in threat detection - endpoint, network and cloud
  • Basic malware assessment
  • Security Best Practices

Nice to have:
  • Scripting language programming (Python, PowerShell, Bash)
  • Network security principles, protocols and technologies
  • Operating systems security principles and technologies
  • Application security principles and technologies
  • Data security principles, protocols and technologies
  • MS Windows operating systems administration
  • *NIX operating systems administration
  • Working with customer-specific environment (such as NGFW/IPS/SIEM/etc)
  • Working with IR orchestration and threat-sharing platforms:
    Phantom
    Demisto
    TheHive
    MISP

Technical certifications and trainings are a plus:
  • Python for Security Professionals / Python Scripting Expert (SPSE)
  • Incident Response and Advanced Forensics
  • Penetration Testing with Kali Linux (PWK) / Offensive Security Certified Professional (OSCP)
  • Red Hat Certified System Administrator / Red Hat Certified Engineer (RHCSA/RHCE)
  • SANS SEC501: Advanced Security Essentials - Enterprise Defender / GIAC Certified Enterprise Defender (GCED)
  • SANS SEC503: Intrusion Detection In-Depth / GIAC Certified Intrusion Analyst (GCIA)
  • SANS SEC504: Hacker Tools, Techniques, Exploits and Incident Handling / GIAC Certified Incident Handler (GCIH)
  • Knowledge of Atlassian Stack (Confluence, Jira)
  • Knowledge of ServiceNow / other Customer Care platforms

What do you get in return:

  • Friendly, open-source company culture in the eco-friendly building with relaxing and gaming spots and terraces
  • An extra week of vacation
  • 2 sick days
  • Home office possibility
  • 2400 benefit points as an annual contribution to the home office
  • Compensation for emergency call-outs and overtime above the statutory rate
  • Free entry to Individual Fitness in the TietoEVRY building (Ostrava), Multisport card (Brno, office Anywhere)
  • Education - IT courses, certifications, language courses and personal development
  • Coffee, tea, and fruit in the workplace for free
  • Offer of calls and other O2 telecommunication services for a special price
  • Employee referral bonus
  • Meal allowance of 77 CZK per day (flat rate)