SOC Analyst

A groundbreaking technology company that's changing the banking system is looking for a senior DevOps engineer to join the ride.

Responsibilities

• Treat incident response cases from start to finish, including identifying the threats, investigation, and consulting external vendors on IR and mitigation steps.
• Write detection rules with actionable recommendations for mitigations.
• Investigate alerts, anomalies and incidents and create custom detections and next step recommendations.
• Investigate logs from security systems to detect intrusions or misconfigurations and create detections based on your findings.
• Threat hunting to discover existing malware or threat actors that compromised the network.
• Producing reports and metrics on threat hunting / Incident response cases.
• Research emerging attacks, technologies, threats, and vulnerabilities in SaaS and enterprise products and create actionable alerting scenarios to catch them through the Siem Solution.

Skills & knowledge

• Manage and coordinate cyber incident processes with the SOC team.
• Conduct in-depth analysis of security events and incidents to identify the root cause and scope.
• Operate and maintain the SIEM system including fine tuning to optimize detection and response capabilities.
• On-demand threat-hunting activities on cloud environments and SaaS applications.
• On-demand Incident response mitigation for incidents raised by our SOC team.
• Research new attack vectors, including identification, and related mitigations across the enterprise IT landscape.
• Be a knowledge source for new and emerging threats, incident response processes, and threat-hunting activities.
• Evaluate & recommend new security technologies and help shape the product with your insights and expertise.
• On-call availability off working hours.

Requirements

• 10+ years of experience in hands-on threat hunting and incident response in complex, security organizations.
• Hands-on experience in threat hunting and incident response on cloud environments (AWS) and SaaS products (OKTA, Google workspaces, Github etc).
• Hands-on experience in SIEM technologies.
• Strong knowledge in security technologies such as XDR, CSPM, WAF, FW etc.
• Familiarity with common cloud and SaaS attack vectors and misconfigurations.
• Solid understanding of the cyber security kill chain (MITRE ATT&CK/D3FEND), identifying security vulnerabilities, typical attacker exploit techniques, and related mitigations and remediations.
• Great communication skills - Fluent in english, spoken and written with a positive and helpful go getter attitude.

Think you have the passion and inner fire for it? Bring it on and challenge us!