Global financial institution with an R&D development hub in Prague. The company uses a modern technology stack, e.g. Kubernetes, OpenShift and cloud-based technologies, and works in Scrum-based teams.
- Working in an international, multi-location environment
- Lead cyber security incident response engagements covering incident handling and coordination, in-depth technical analysis, and investigation through to recovery
- Develop IR initiatives that improve our capabilities to effectively respond to and remediate security incidents (e.g. defining SIEM use cases, identifying threat-hunting hypotheses, promoting red-teaming activities, etc.)
- Perform analysis of logs from a variety of sources (on-premises and cloud-based) to identify potential threats
- Perform root cause analysis and drive implementation of containment and mitigation strategies
- Perform post incident lessons learned, root cause analysis and incident reporting
- Participate in Blue/Red team exercises to test and improve our monitoring and response capabilities
- Build automation for response and remediation of malicious activity
- Recommend security measures to address cyber threats identified through a proactive approach
- Help to improve CERT process excellence by maintaining information security documentation in line with regulatory requirements
- Previous experience in a CERT or SOC team, as well as involvement in IS incident investigations
- Knowledge of cyber threats and vulnerabilities: how to properly identify, triage, and remediate threats based on threat intelligence as well as on analysis of security events, log data and network traffic
- Expert working knowledge of technical and organizational aspects of information security, e.g., through prior defensive or offensive work experience
- Solid understanding of cyber threats and MITRE ATT&CK framework
- Deliverable-oriented, with strong problem-solving skills and the ability to adapt to a complex and highly regulated environment
- Team player willing to cooperate with multiple colleagues across office locations in a cross-cultural environment
- Good report-writing skills to present the findings of investigations
- Available during working hours (Mon-Fri) plus on-call duty
- Fluent in spoken and written English including security terminology
Advantage:
- Background in Malware Analysis, Digital Forensics and/or Cyber Threat Intelligence
- Experience in threat hunting, including the ability to leverage intelligence data to proactively identify and iteratively investigate suspicious behaviour across networks and systems
- Development of automation for various CERT/SOC processes via a SOAR solution
- Development (e.g. Python, Shell scripting)
- Cloud Security expertise (primarily GCP and Azure)
- Vulnerability Handling / Management
- Relevant industry certifications such as SANS/GIAC (e.g., GCIA, GCIH, GNFA, GCFA), CompTIA (Security+, Cloud+, PenTest+), OSCP or eLearnSecurity are desirable
- Fluency in German
- Bonuses
- Work mostly from home
- Flexible start/end of working hours
- Contributions to the pension / life insurance
- Contribution to sport / culture / leisure
- Education allowance
- Individual budget for personal growth
- Educational courses, trainings
- Transport allowance
- Meal tickets / catering allowance
- Cafeteria
- Refreshments at the workplace
- Corporate events
- 5 weeks of holiday
- Sick days
- Notebook