IT Security Expert - SIEM (m/w/d), J0111758

On site
Germany
Angelo Schneider

Supporting our strategic client we are looking for a SIEM-Expert.

Define and document the Security Incident and Response Playbooks required to support the SIEM implementation, and work closely with the relevant IT stakeholders and Incident Management teams on roll-out and integration
Define, document and update all processes required to support phase 1 and phase 2 of the SIEM implementation
Review and assess impact and remediation actions for incidents escalated by SOC Level 1 as part of ongoing use case refinement activities
Assist with the tuning of the approved use cases and assist in reducing the number of false positives
Work closely with the IT Security Operations Team Lead and support the IT Security Manager for the SIEM on security incident processes and response plans
Support the implementation of a new SIEM

Strong experience of investigating network threats, with advanced analysis experience across multiple attack vectors such as malware, Trojans, exploit kits, ransomware, phishing techniques, APTs, etc.
Good experience in documenting security incident response playbooks
Good understanding of firewalls and network security
Understanding of network protocols
Good security analysis experience, including incident classification, investigation and remediation
Strong analytical, troubleshooting and problem-solving skills for security information and event management
Experience reviewing Intrusion Detection System, Intrusion Prevention System, firewall and other security logs and alerts
Experience analysing alerts from a SIEM, identifying false positives and determining the appropriate remediation action to take
Good knowledge of attack vectors, particularly the MITRE ATT&CK framework
Knowledge of Cloud Services (AWS/Azure)
Knowledge of Cloud security principles, techniques and technologies
Ability to resolve problems independently
Knowledge and experience with Windows, Unix/Linux operating systems
Experience with Security Information and Event Management (SIEM) tools e.g. Splunk
Previous experience working as part of a SOC is a bonus but not essential
Experience working with MSSPs or third-party providers
Keep up to date with current threat intelligence
Excellent written and verbal communication
Strong analytical and problem-solving skills
Confident in engaging with Stakeholders at all levels of the organisation
Excellent team working capabilities
Good conflict management skills
Ability to manage multiple tasks
Fluent English and good German are required

If you are interested, please send us your current CV including a project list, preferably in Word format.

Reference: J0111758
Location: Remote/Essen
Languages: English, German
emagine GmbH
Katharina Wlodarczyk