The Cyber Threat Response Analyst deals with cyber security and GDPR-related incidents, carries out incident remediation checks and analyses threat intelligence reports, with the final goal of improving the cyber resilience of the organisation.
You will review alerts, threat intelligence and security data. You will identify threats that have entered the network, as well as currently known security gaps and vulnerabilities.
In this role, you will be responsible for conducting incident response operations according to the documented response procedure playbook and industry best practices.
You must have excellent communication skills and extensive experience in multiple security areas such as SIEM, UBA, malware, phishing, APT, TIP and WAF.
You will be required to keep yourself updated on the latest threats, threat actors and threat campaigns, and be able to disseminate pertinent information throughout the SOC.
You should have extensive experience in Linux and/or Windows operating systems, as well as deep knowledge of networking and attack methods.
You must display enthusiasm and interest in Information Security and demonstrate leadership capabilities in order to lead and manage security incident response escalation and coordination.
You will be part of a SOC and CERT team and will operate during business hours plus on-call shifts.

Hunting for suspicious or anomalous activity based on alerts or data outputs from the SIEM and several other IT security tools
Drives the containment strategy during data loss or breach events
Triage and resolve advanced vector attacks such as botnets and advanced persistent threats (APTs)
Recommend incident containment and remediation actions to the resolver groups
Check incident remediation actions for completeness on a regular basis, and perform occasional vulnerability assessments and penetration tests to validate the effectiveness of such remediations
Provide use case creation / tuning recommendations to SIEM administrators based on findings during investigations or threat information reviews
Develop and deliver incident reporting for executives and managers
Create and maintain a daily activity log
Assist continuous improvement of processes and work with other teams to improve alerts and rules in the incident monitoring systems
Perform administrative tasks as per management request (ad-hoc presentations, training, etc.)
Required Professional and Technical Expertise:

Functional and Technical Competences:
At least 2 years' prior experience in a similar position
Possess good logical and analytical skills to help in the analysis of security events / incidents
Possess the ability to build and execute an incident containment strategy
Possess effective and structured verbal and written communication skills
Knowledge of the most active threat actors and most common attack vectors
Knowledge of data protection regulation key principles
Knowledge of the TCP / IP protocol and related potential security exposures
Knowledge of systems communications from OSI Layer 1 to 7
Knowledge of log formats and the ability to aggregate and parse log data (syslog, HTTP logs, DB logs) for investigation purposes
Experience with network and endpoint security administration tools
Experience with SIEM, SOAR, UBA, anti-malware, spam, phishing and TIP tools
Experience with Systems Administration, Middleware, and Application Administration
Experience with Security Assessment tools (NMAP, Nessus, Metasploit, Netcat)
Good knowledge of threat areas and common attack vectors (malware, phishing, APT, technology attack, etc.)
English level of B2 or above

Preferred Professional and Technical Expertise:

Nice to have:
Experience in software programming: Python, C / C++ / Perl and other scripting languages
Experience with log search tools, usage of regular expressions and natural language queries
An understanding of contemporary and legacy security technologies used within a particular domain (e.g. Firewalls, IDS, IAM, SIEM)
Knowledge of common security frameworks (ISO 27001, COBIT, NIST, etc.)
Knowledge of the regulatory landscape applicable to the financial industry (NIS, PSD2, etc.)
Knowledge of encryption and cryptography principles
Previous experience in the financial industry

Training, Qualifications and Certifications Preferred:
CEH or CIH certified, or equivalent
SANS SEC504: Hacker Tools, Techniques, Exploits and Incident Handling training
Advanced Security Essentials - SEC501 (optional GCED certification)
Hacker Techniques, Exploits & Incident Handling - SEC504 (optional GCIH certification)