Security Analyst (m/f/d) in Essen / 53182

Essen - On-site
This project is archived and unfortunately no longer active.

Description

Currently we are looking for one candidate who is able to cover the following position:

Project description:
This role sits within the IT Security team which is responsible for Operational Security. The purpose of this role is to provide the business areas with an effective IT security service within the operational environment and act as a Security Incident Response Analysis and Process Expert.

Your primary responsibilities:
Define and document the Security Incident and Response Playbooks required to support the SIEM implementation and work closely with the relevant IT Stakeholders and Incident Management teams in the rollout and integration
Define, document and update all processes required to support phase 1 and phase 2 of the SIEM implementation
Review and assess impact and remediation actions for incidents escalated by SOC Level 1 as part of ongoing use case refinement activities
Assist with the tuning of the approved use cases and assist in reducing the number of false positives
Work closely with the IT Security Operations Team Lead and support the IT Security Manager for the SIEM on security incident processes and response plans
Support the implementation of the new SIEM
Other duties as assigned

Your key competencies:
Strong experience of investigating network threats with advanced analysis experience of multiple attack vectors such as Malware, Trojans, Exploit Kits, Ransomware and Phishing techniques, APTs, etc.
Good experience in documenting security incident response playbooks
Good understanding of Firewalls and Network Security as well as of network protocols
Good Security Analysis experience to include incident classification, investigation and remediation.
Strong analytical, troubleshooting and problem-solving skills for security information and event management.
Experience with reviewing Intrusion Detection System, Intrusion Prevention, Firewall and other security logs and alerts
Experience of analysing alerts from a SIEM, identifying false positives and determining the appropriate remediation action to take
Good knowledge of attack vectors, particularly the MITRE ATT&CK framework
Knowledge of Cloud Services (AWS/Azure)
Knowledge of Cloud security principles, techniques and technologies
Knowledge and experience with Windows, Unix/Linux operating systems
Experience with Security Information and Event Management (SIEM) tools e.g. Splunk
Previous experience working as part of a SOC is a bonus but not essential
Experience working with MSSPs or Third Party Providers
Keep up to date with current threat intelligence
Knowledge required: CompTIA Security+, CEH, CISSP

c parameters:
Location: Essen
Duration:
English CV

Important for your application:
In addition to your project history, which emphasizes the required skills, we need a written self-assessment. The purpose of this self-assessment is to convince the reader that you are the perfect candidate for the applied position.
The intensive cooperation with our customer showed that the self-assessments were of great importance during the selection process.

Your GECO contact person is looking forward to your feedback and your current CV (Word document) incl. your availability and your salary requirement / hourly rate:
Saifeddine Zitouni



Alternatively, you can also upload your application documents encrypted on our portal, where you will also find other exciting positions: https://www.geco-group.com/it-specialists/jobs
Simply search for the appropriate project and click "Apply".
Start: 16.11.2020
Duration: 16.04.2021
Type: Contract
From: GECO Deutschland GmbH - A Yoh Company
Posted: 26.10.2020
Contact person: Anika Krüger
Project ID: 1989388
Contract type: Freelance