Incident Response Engineer
14 days ago

The Incident Response Engineer will work as a subject matter expert / hunter. He / she will be part of a computer security incident response team (CSIRT) in a security operations centre (SOC) of a bank in Switzerland and will be responsible, in a hands-on position, for integrating critical incidents with the security information and event management (SIEM) tool, monitoring and investigating alerts with the Managed Security Service (MSS), proposing security measures to mitigate the origin of the problems (the root cause), and interacting with information technology (IT), information security and business teams to resolve incidents. In other words, the Senior Incident Response Engineer will manage the 24x7x365 operations of the SOC.

Tasks and Responsibilities :

  • Acts as an incident hunter rather than only waiting for escalated incidents
  • Develops SIEM use cases
  • Closely involved in developing, tuning and implementing threat detection analytics
  • Performs deep-dive incident analysis by correlating data from various sources
  • Determines if a critical system or data set has been impacted
  • Advises on remediation
  • Provides support for new analytic methods for detecting threats
  • Executes forensic analysis
  • Performs incident response and malware analysis to investigate incidents and potential indicators of compromise
  • Researches and incorporates relevant threat intelligence during the investigation and in written and verbal reports
  • Develops, documents and manages containment strategy
  • Maintains current knowledge of tools and best practices concerning advanced persistent threats; attackers' tools, techniques and procedures; and forensics and incident response
  • Is a technical reference to CSIRT
  • Participates in developing the SOC and CSIRT processes
  • Tunes the provided SIEM system to reduce false positives and discover previously unknown threats
  • Maintains the confidentiality of operations and investigations
  • Manages and runs the vulnerability management tools, and follows up on resolution with the IT team across the group
  • Performs on-call duties as required to attend to critical events

Knowledge, Skills and Education :

  • Postgraduate degree in information technology (IT) or information security area
  • At least 5 years’ experience in information security
  • A minimum of 2 years’ experience with SOC and being part of a computer security incident response team (CSIRT)
  • Expert in Splunk
  • Very good knowledge of JIRA
  • Experience with a scripting language
  • Offensive security background
  • Advanced skills in network forensics, host-based forensics, incident response procedures, log reviews, reverse engineering, malware detection and threat intelligence would be an advantage
  • Previous experience with a security information and event management (SIEM) tool would be a plus
  • Knowledge of data correlation
  • Knowledge of regular expressions
  • Expertise in the analysis of TCP/IP network communication protocols would be an advantage
  • Knowledge of firewalls, intrusion detection systems (IDS), networking, Windows, Linux, data loss prevention (DLP), virtualization and cloud computing is desirable
  • Exceptional written communication skills for producing periodic reports
  • Well versed in the latest attacks, vulnerabilities and trends in cyber security
  • Teamwork skills
  • Deep knowledge of network and application scanners (Nessus, …)