Senior SecOps Analyst / Incident Responder
Пълно описание
Over 20 years of market experience, we brings together technologists, creators and innovators in Europe, North and Latin America, and the Middle East. Join our international team and take the mission to solve the advanced tech challenges of tomorrow!
What project we have for you:
In-depth Investigation: Analyze escalated alerts and incidents from L1. Use advanced forensic and analysis tools to perform deep-dive investigations where appropriate. More often than not, this will simply be consulting additional threat intel sources and closer examination of logs, as deep forensic analysis is typically only required for certain incidents where compromise has occurred. On rare occasions, the investigation might conclude that the alert was triggered due to the legacy alert triggers (SIEM saved search with triggers) design flaws resulting in false positives. While investigating the alert L2 should examine if the alert triggers could be improved based on the investigation outcome and consult that with L3.
What you will do:
Basic Threat Containment: Take limited containment actions under strict guidelines, such as isolating suspicious hosts (when permitted). These guidelines need to be established for internal Platform level accounts, as well as for customer (digital product) accounts. Threat Intelligence Correlation: Leverage threat intelligence sources to correlate indicators and identify broader threat campaigns or tactics used by attackers. There are often security communities / forums where trusted industry professionals post information about active attacks they are seeing. Crowd-sourced threat intel can also be useful. Containment & Mitigation: Coordinate with product teams to implement containment measures (e.g., blocking IPs, disabling accounts, quarantining devices) and lead initial remediation efforts. During these occurrences consult with product teams about their appetite for participating in automatic remediation / mitigations. Report that to L3. In order to perform remediation (either manually or through automation) on behalf of a product, agreements must be in place that indicate which containment measures are authorized to be performed. Incident Handling: Act as the primary handler for incidents, leading analysis, investigation, and coordination efforts until resolution. Root Cause Analysis: Conduct detailed root cause analysis on incidents and assist with recommendations for future prevention. Playbook & SOP Enhancement: Review and update incident response playbooks and procedures to reflect new threats and improve efficiency. Based on feedback from L1 or if identified that an area does not have a runbook created – develop such a runbook if possible. Consult L3 in case L2 is unable to deliver the runbook themself. Escalation to L3: Escalate complex or high-impact incidents to L3 with a detailed analysis and recommendations.
What you need for this:
5+ years of experience as SecOps engineer Good knowledge of network and Cloud security, including malware analysis and packet analysis. Forensic experience is also a plus. Practical experience with Splunk; administrative experience is considered a strong advantage. Hands-on experience with AWS tools must have Experience with threat intelligence and incident response tools. Strong problem-solving skills and ability to handle more complex or persistent threats. Security Certification(s) and/or strong educational background in security, as well as experience working in a SOC. Bachelor degree or higher education
Nice to have:
Basic knowledge of Python or any other scripting language Strong understanding of Unix/Linux and Windows architecture. Knowledge of containerization and Kubernetes.
What it’s like to work with us:
We are committed to being an equal opportunity employer, fostering equity, diversity, and inclusion. We welcome and celebrate the differences of all qualified applicants. Join our team for a career where your unique perspectives are not only valued but crucial to our success.
What project we have for you:
In-depth Investigation: Analyze escalated alerts and incidents from L1. Use advanced forensic and analysis tools to perform deep-dive investigations where appropriate. More often than not, this will simply be consulting additional threat intel sources and closer examination of logs, as deep forensic analysis is typically only required for certain incidents where compromise has occurred. On rare occasions, the investigation might conclude that the alert was triggered due to the legacy alert triggers (SIEM saved search with triggers) design flaws resulting in false positives. While investigating the alert L2 should examine if the alert triggers could be improved based on the investigation outcome and consult that with L3.
What you will do:
Basic Threat Containment: Take limited containment actions under strict guidelines, such as isolating suspicious hosts (when permitted). These guidelines need to be established for internal Platform level accounts, as well as for customer (digital product) accounts. Threat Intelligence Correlation: Leverage threat intelligence sources to correlate indicators and identify broader threat campaigns or tactics used by attackers. There are often security communities / forums where trusted industry professionals post information about active attacks they are seeing. Crowd-sourced threat intel can also be useful. Containment & Mitigation: Coordinate with product teams to implement containment measures (e.g., blocking IPs, disabling accounts, quarantining devices) and lead initial remediation efforts. During these occurrences consult with product teams about their appetite for participating in automatic remediation / mitigations. Report that to L3. In order to perform remediation (either manually or through automation) on behalf of a product, agreements must be in place that indicate which containment measures are authorized to be performed. Incident Handling: Act as the primary handler for incidents, leading analysis, investigation, and coordination efforts until resolution. Root Cause Analysis: Conduct detailed root cause analysis on incidents and assist with recommendations for future prevention. Playbook & SOP Enhancement: Review and update incident response playbooks and procedures to reflect new threats and improve efficiency. Based on feedback from L1 or if identified that an area does not have a runbook created – develop such a runbook if possible. Consult L3 in case L2 is unable to deliver the runbook themself. Escalation to L3: Escalate complex or high-impact incidents to L3 with a detailed analysis and recommendations.
What you need for this:
5+ years of experience as SecOps engineer Good knowledge of network and Cloud security, including malware analysis and packet analysis. Forensic experience is also a plus. Practical experience with Splunk; administrative experience is considered a strong advantage. Hands-on experience with AWS tools must have Experience with threat intelligence and incident response tools. Strong problem-solving skills and ability to handle more complex or persistent threats. Security Certification(s) and/or strong educational background in security, as well as experience working in a SOC. Bachelor degree or higher education
Nice to have:
Basic knowledge of Python or any other scripting language Strong understanding of Unix/Linux and Windows architecture. Knowledge of containerization and Kubernetes.
What it’s like to work with us:
We are committed to being an equal opportunity employer, fostering equity, diversity, and inclusion. We welcome and celebrate the differences of all qualified applicants. Join our team for a career where your unique perspectives are not only valued but crucial to our success.