We are looking for a Cybersecurity Specialist.
Job Summary:
Monitor, analyze and report possible cybersecurity attacks.
Investigate and perform analysis of threat indicators.
Gather Indicators of compromise and any relevant data to use with threat hunting activities.
Leverage security tools (SIEM, EDR, and more) for analysis to identify malicious activities.
Analyze identified malicious activity to determine Tactics, Techniques and Procedures.
Conduct research, analysis and correlate gathered data from various resources to determine the impact of the incident.
Monitor and actively conduct investigations and analysis related to Cyber Threat Intelligence gathered from the internet and dark web related to threats facing the organization.
Participate in on-call and hands on scheduled shift rotations including off business hours.
Collaborate well and work with other cybersecurity and IT team members.
Coordinate Security Incident Response and investigation with other internal teams and 3rd party providers.
Conduct incident investigations using security tools and solutions (SIEM, EDR, firewalls, etc.).
Complete Security Incident and Investigation reports.
Onboard and monitor cloud environments (Azure, AWS, or GCP) into SIEM.
Develop and document processes, operational procedures, and enhance playbook workflows.
Deploy, manage and administer tools used by other cybersecurity teams related to endpoint protection, email security, vulnerability scanning, etc.
Review enterprise security tools and controls to review system health, identify misconfigurations, and implement tuning recommendations per vendor best practices.
Maintain existing or create new procedures and processes for administering and managing cybersecurity tools under the purview of the team.
Respond to and address support tickets for our tools that arise from different end users and teams via the enterprise ticketing system
Provide proactive security investigation and searches on corporate environments to detect malicious activities.
Maintain up-to-date understanding of security threats, countermeasures, security tools, Cloud Security and SaaS technologies.
Maintain technical proficiency through training, keeping up with industry best practices, and security frameworks.
Report on team metrics for the CISO leadership team and the IT & Cyber GRC team.
Report on all applicable compliance related obligations.
Requirements: 3-5 years of relevant experience in performing, Cybersecurity operations, Cybersecurity Threat Intelligence, Incident Response and Threat Hunting activities in a complex incident management or Security Operations Center environment.
Knowledge of NIST Cybersecurity Framework, MITRE ATT&CK.
Knowledge of creation and fine tuning SIEM use cases.
Security monitoring experience with cybersecurity and SIEM technologies.
Experience with building SOC processes, playbooks, SIEM correlation rules, and incident reports.
Experience with threat hunting and security incident investigation.
Knowledge of security products and device monitoring tools including Firewalls, IDS/IPS, Phishing and e-mail security, content filtering, DDoS, WAF, and more.
Knowledge of incident investigation, working with in-house and vendor teams to research, identify and report on incidents.
Knowledge of security incident management, malware analysis and vulnerability management processes.
Strong technical and learning agility, able to adapt to constantly evolving threats, domains and technologies.
Knowledge of technical infrastructure, networks, databases and systems in relation to IT Security and IT Risk.
Experience with the security logging and monitoring of cloud environments.
Experience analyzing different data sets and preparing metrics and reports (e.g. Excel, Sheets, PowerBI).
Experience with Atlassian products, especially JIRA and Confluence.
This position is open to all candidates.