Beschreibung
SOC Specialist - Incident Manager - Germany
Role Description:
The role of the SOC Specialist/Incident Manager is part of the Global Cyber Security Operations Center (dbSOC). The Global Cyber Security Operations Center operates 24x7x365 in a follow-the-Sun mode and is responsible for enabling the business by providing agile, implementable, cost-effective and cutting edge Cyber Security Operational and Incident response services to protect DB's data assets, customers and partners.
The SOC Specialist/Incident Manager is the responsible person for the management of security incidents during all stages of the incident management process including an in-depth analysis. Therefore the SOC Specialist/Incident Manager will evaluate escalated security alerts from the Senior SOC Analysts, assess the security and business risk associated with a security incident, coordinate containment, eradication, recovery, investigation and response measures and assure an appropriate tracking, documentation, closure and post incident reporting and review of incidents. The SOC Specialist/Incident Manager will lead the communication during and after an incident (management reporting, communication with relevant stakeholders). In addition the SOC Specialist/Incident Manager will provide guidance and training for the SOC Analysts and Senior SOC Analysts, develop and maintain incident response plans and contribute to the enhancement of the incident detection, analysis and response capabilities.
Experience/Requirements:
7-10 years of security experience in a technical role, mainly in the area of Intrusion Detection Systems, Platform and/or Network security
Strong security background (understanding risk assessment, legal and regulatory requirements, threats, vulnerabilities, security policies etc.)
Excellent technical understanding of enterprise grade technologies including security devices, network engineering, operating systems, databases and applications and their security settings and configurations
Ability to read and understand system and network traffic data including security event logs, system logs, application logs, etc.
Demonstrate prior experience in Scripting languages, software vulnerabilities, hacking techniques, exploits, malware, forensics and/or reverse engineering
Comprehensive knowledge of the threat landscape, adversary tactics, techniques, and procedures (TTP), general attack stages, kill-chain and attack types
Broad knowledge and proven experience in incident handling and incident response methodologies
Excellent knowledge of network security technology and various detection, analysis, troubleshooting and configuration control tools (eg SIEM, NIDS; DAM, Big Data Analytics, Log file and network traffic analysis, vulnerability scanner)