Senior Analyst, Cyber Security Monitoring and Incident Response
Published on 14/05/2022

SES
PRIMARY RESPONSIBILITIES / KEY RESULTS AREAS
- Perform 2nd level security monitoring and analysis of security alerts to identify security incidents
- Maintain an effective log parsing and detection rule base by performing regular rule reviews to improve the false-negative and false-positive rates
- Ensure the technical infrastructure supporting security monitoring and incident response is healthy and continuously improved
- Improve detection capabilities by defining new use-cases, implementing corresponding rules and ensuring necessary logs are collected by the SIEM
- Autonomously work with departments across SES to ensure relevant systems and logs are onboarded to the SIEM
- Manage security incidents autonomously following the established incident response framework to ensure a coordinated, timely and effective response to security incidents.
- Perform in-depth technical analyses of security threats and incidents, including malware analysis, network and system forensic analyses
- Ensure SES security incident response readiness by driving the definition, implementation and continuous improvement of SES’s security incident response framework, including: relevant policies, processes and procedures, incident response tools, and training of actors in the response process
- Collect and analyse security information from different information resources to identify relevant threats and vulnerabilities in order to improve security monitoring and incident response
- Create SES-specific threat intelligence from various data sources, such as managed security incidents, quarantined malware, etc.
- Disseminate synthesised intelligence information within the organization as well as external organizations, such as CERTs, ISACs or partner organizations.
- Manage the vulnerability management process to identify and prioritise vulnerabilities in SES’ systems, applications and services and communicate these to system owners
- Identify and disseminate information on critical vulnerabilities within the organization and propose mitigation plans
- Create and maintain policies, processes, procedures for all cyber security monitoring functions.
- Automate, maintain, and tune the infrastructure and tools of the cyber security operations function (including but not limited to SIEM platform regarding log sources onboarding, log parsing, rules/alerts/reports definition, SOAR platform, sandboxes, EDR tools, forensics workstations)
COMPETENCIES
- Very good analytical and problem-solving skills
- Autonomous with strong self-management skills
- Good coordination and project management skills
- Innovative mind
- Stress resistant and able to manage multiple incidents and tasks at the same time
- Good written and verbal communication skills
- Excellent team player
- Ability to effectively interact with all organization stakeholders
QUALIFICATIONS & EXPERIENCE
Required:
- Bachelor’s degree and 6 to 7 years of experience in Cyber Security, Computer Science, Information Technology, or similar field (a combination of experience and education will be considered)
- Knowledge of computer forensics, security vulnerabilities and exploits
- Knowledge in cloud security, system security, application security and network security
- Knowledge of security technologies, such as Antivirus, Network and Host Intrusion Detection Systems, Web Proxy/Content Filtering, Authentication technologies, Security Information and Event Management (SIEM)
- Programming and scripting experience in different languages such as C, SQL, and Python
- Ability to work on-call
- Fluency in English; any other language is considered an asset
- Ability to travel domestically and internationally 10% of the time
- Ability to undergo security clearance process
Preferred:
- Security certifications such as GCIH, GCFE, GCFA, GREM, or GCIA
- Experience in malware analysis and reverse engineering
- NATO/EU SECRET clearances