Security Monitoring Operator

We are looking for enthusiastic IT security fan to join our Threat Analysis&Services team as Security Monitoring Operator. Together with us, you will participate in the creation of new products/services and you will have access to the most modern technologies in the field of computer security.

Functional Responsibilities and Duties

• Work in global 24/7 MDR center and participate in shift operation under the supervision of senior colleague.
• Work with security monitoring systems EDR, XDR, SIEM, SOAR and other systems.
• Investigate security incidents and document adversary activity in monitored environments and escalate to the next analytic tier.
• Analyze client data and evaluate potential security threats.
• Participate in continuous development and improvement of monitoring solution.
• Participate on continuous monitoring, hunting, threat hunting, threat intelligence and other under the supervision and mentoring.
• Participate in design and maintenance of low-level EDR, XDR and correlation SIEM rules.
• Actively participate on toolset and rulesets improvement and fine-tuning of the MDR Security Toolset.
• Participate in development and improvement of Incident Response guidelines and playbooks.
• Perform triage malicious code encountered in client environments.
• Cooperate with colleagues performing in-depth analysis of malicious code.
• Prepare reports for the customer/communication with the customer about incidents.
• Cooperate in the development of security monitoring services and the system of reporting on security threats.

Requirements

Education

• Education in IT security field is an advantage.
• IT Security certificates or other technological certificates are advantage – CEH, Windows, Unix, Network Security.
• Cybersecurity certification ( GIAC, RHCE, CompTIA, CRTO, Offensive Security, Security Blue Teamsecurity vendors and other relevant certification) is advantage.
• Forensics analysis or Incident Response – advantage.

Experience

• Working in SOC – advantage.
• Working with and evaluation of outputs of security monitoring systems – advantage.
• Experience with SIEM or SOAR systems are advantage (Splunk, QRadar, Elasticsearch, ArcSight, LogRhythm, Palo Alto Cortex XSOAR, other).
• Experience with CTFs or similar cyber security competitions ( Hack The Box, Virtual Hacking Labs, TryHackMe ) is an advantage.

Knowledge

• Basic knowledge of the inner workings of the Windows/Linux system (how things work) - processes, registries, filesystem, services, scheduling etc.
• Basic experience with scripting ( PowerShell, Python, Javascript, Bash, LUA, other ) is an advantage.
• Basic knowledge of computer networks (IP address, port, protocols, MAC address, ...).
• English - Upper intermediate (B2)

Personal characteristics

• Willingness to participate in 24/7 shift handling monitoring client environments.
• Interest in continuous education in the field of computer security.
• Analytical thinking with an eye for detail.
• Patience when processing a lot of data.
• The ability to communicate with the customer.
• Independence.
• The ability to communicate with the customer.
• Desire to learn and gain experience in the field of digital forensics and incident response.
• General interest and overview of computer security field.

BENEFITY PRE TEBA

Flexibilita

Firemné podujatia

Benefity pre celú rodinu

Šport a zdravie Wellbeing

A ešte viac…