# Global Cyber Security Analyst

Randstad Polska Sp. z o.o.

Warszawa, mazowieckie

The Global Cyber Security Analyst’s role is to support the Global Security Team and the Global Cyber Security Incident Response Team (CSIRT) to analyze and correlate global and regional cybersecurity data. This includes helping to monitor, triage, and prioritize the response to alerts for both cloud and traditional infrastructures.

  • monitor, triage, prioritize, coordinate events with global and regional teams, and respond to alerts for further investigation
  • perform technical analysis on a wide range of cybersecurity issues
  • document key event details and analytic findings in analysis reports and incident management systems
  • conduct enterprise security log collection, management, and analysis. Investigate SIEM events, alerts and tips to determine if an incident has occurred
  • integrate threat intelligence reporting & indicators of compromise to improve defenses and proactively mitigate new threats
  • conduct malware analysis, host and network forensics, log analysis, and triage in support of incident response activities
  • recognize attacker and APT activity; tactics, techniques, and procedures (TTPs); and indicators of compromise (IOCs) that can be used to improve monitoring, analysis and incident response
  • coordinate the response for confirmed security incidents, to include efforts to scope, contain, eradicate, and remediate
  • maintain situational awareness and keep current with cyber security news and latest threat actor TTPs
  • document ongoing investigations and analysis using ticketing and incident reporting systems
  • support the production of effective situational awareness products with relevant metrics and visualizations for key stakeholders and leadership
  • function as the first line of cyber defense for the Cyber Security Incident Response Team (CSIRT)
  • ensure proper configurations and security controls of systems and agents
  • understanding of multiple log types including Windows, Active Directory, Email, Firewall, VPN, etc.
  • integrate lessons learned to improve defensive capabilities and incident response processes
  • assist in developing and maturing the future services and capabilities of the Global Security Team, such as Forensics, Threat Management, Penetration Assessments, Tool Management, Vulnerability Management, etc.
  • bachelor's degree in Computer Science, Information Security, Information Technology, or other related disciplines (or equivalent professional experience)
  • 5+ years of incident analysis, security architecture, malware research, SOC analyst, or any other similar incident response experience
  • fundamental understanding of security tools such as SIEM, IDS/IPS, web proxies, DLP, DNS security, DDoS protection, and firewalls
  • advanced knowledge of MITRE ATT&CK security framework, Cyber Kill Chain analysis, and/or other useful threat analysis models
  • advanced knowledge of the incident response process and industry best practices, TCP/IP protocols, computer networking, routing, switching, Windows and Linux operating systems, and encryption technologies
  • experience analyzing and inspecting log files, network packets, and any other security tool information output from multiple system types
  • familiarity with basic reverse engineering principles and an understanding of malware, rootkits, TCP/UDP packets, and network protocols
  • team-oriented and skilled in working within a collaborative environment
  • ability to effectively multi-task, prioritize and execute tasks in a high-pressure environment
  • knowledge and experience with scripting and programming (Python, PERL, etc.) are also highly preferred
  • required flexibility to work nights, weekends, and/or holiday shifts in the event of an incident response emergency
  • experience with technical analysis of email headers, links, and attachments to determine if an email is malicious, and then executing remediation techniques to protect the environment
  • ability to work independently and collaborate with geographically dispersed teams
  • strong troubleshooting, reasoning and problem solving skills
  • excellent written and verbal communication, interpersonal, intercultural, and presentation skills, and the proven ability to influence and communicate effectively at all levels (technical contributors up to senior management)
  • preferred: Industry certifications such as GCIH, GCIA, C|EH, C|SA, CySA+, etc.
  • occasional travel to support global cyber security operations and incident response may be necessary

Employment agency – registry entry no. 47
