(GDC) Cybersecurity Operations - Incident Response Specialist

Job description, responsibilities and duties

The Incident Response Specialist has technical and coordination responsibilities for managing Cybersecurity Incidents at Siemens Healthineers. In this function you support the definition and improvement of processes and procedures for Incident Detection, provide the technical expertise to address demands of the Respond and Recover phases of Incident Response, and you drive the continuous improvement phase of the Incident Response Process.

Tasks and Responsibilities:
The position will bring a mix of the following tasks and responsibilities:
• Assess, triage, and prioritize security-relevant events from logging and monitoring systems.
• Coordinate and lead Incident Response taskforces and provide technical expertise, working with different business functions such as IT Operations, HR, Legal, Data Privacy, Corporate Communications and Product Security.
• Document and track cybersecurity incidents through their entire lifecycle, from initial detection, triage, response to final resolution and improvements.
• Derive immediate mitigation measures for containment, eradication, and recovery of cybersecurity incident and keep track of its implementation progress during incident response task forces.
• Consume threat intelligence to detect, triage and remediate malware, threats and adversarial activity.
• Develop and carry out regular threat hunting (proactive) activities, making sure learnings are properly documented and propagated to neighboring teams and functions.
• Leverage threat hunting to create and maintain Situational Awareness for related company functions such IT operations, security architects, or service providers.
• Perform analysis of different log files and data sources to identify adversarial activity and anomalies.
• Assess newly arising vulnerabilities and Tactics, Techniques and Procedures (TTPs) to define defensive measures to detect and disrupt adversarial actions. Coordinate with neighboring functions to ensure those measures are turned into actionable changes.
• Collect forensic artifacts, analyze, reverse engineer, and document findings on malicious payloads so that indicators of compromise and information about threats origin and intents are properly disseminated and acted upon.
• Use industry standards to produce and disseminate our own Threat Intelligence to our internal counterparts and external partners.
• Consider business aspects to support an adequate triage and prioritization of cybersecurity incidents, whilst ensuring root-cause are properly clarified. Communicate findings and possible improvement measures in an actionable way.
• Operate and drive continuous improvement to SOC playbooks to protect company personnel, businesses, and assets.
• Document and communicate abstracts and consolidated incident-related findings and trends to support security architecture and security awareness functions.
• Understand and employ defense-in-depth principles and practices to create and maintain defense mechanisms.

Qualifications:
Knowledge of relevant technological aspects for this position. The ideal candidate should bring a mix of expertise in (a subset of) the following areas:
• Computer networking concepts and protocols, and network security methodologies
• Risk management processes and methods for assessing and mitigating risk
• Laws, regulations, policies, and ethics as they relate to cybersecurity and privacy. Cybersecurity and how it impacts privacy principles.
• Knowledge of cyber threats and vulnerabilities: how to properly identify, triage, and remediate threats based on threat intelligence as well as on analysis of log data and network traffic.
• Host/network access control mechanisms (e.g., access control list, capabilities lists).
• System administration, network, and operating system hardening techniques.
• Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
• Incident categories, incident responses, and timelines for responses.
• Incident response and handling methodologies.
• Intrusion detection methodologies and techniques for detecting host and network-based intrusions.
• Network traffic and packet-level analysis.
• System and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, code and command injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
• Experience with Malware analysis, sandboxes, reverse engineering, and tools such as Radare2, OllyDbg, and Hex-Rays IDA Pro.
• Experience with operating system security controls on common platforms such as Linux, Windows.
• Experience with scripting languages (e.g., Python, Bash or PowerShell) and using REST API, as well as data processing, regular expressions, and console-based text processing tools (e.g., sed, awk, jq)
• Models to describe and document cyber-attacks (e.g., reconnaissance, scanning, enumeration, persistency, lateral movement, exfiltration) such as Cyber Kill Chain or MITRE ATT&CK
• Cloud service models and how those models can limit incident response.
• Application Security Risks (e.g. Open Web Application Security Project Top 10 list).

Additionally:
• STEM studies are highly desirable but might be traded-off for relevant experience.
• 5+ years of relevant work experience in Cybersecurity Operations of mid-size to large high-tech and healthcare organizations as well as working in geographically distributed teams is highly valuable.
• Relevant Industry Certifications such as SANS/GIAC (for example, GCIA, GCIH, GNFA, GCFA), CompTIA Security+ CISSP, CISA, CISM are desirable.

Personality Traits:
• Negotiation skills and ability to set and track priorities and deadlines.
• Able to work on a very tight schedule, while keeping track of tasks progress and deadlines.
• Able to structure complex problems and find practicable solutions to those.
• Team player but also able to work on an individual basis.
• Self-learning and curiosity to keep pace with the ever-evolving cybersecurity developments are highly appreciated.
• Advanced English and Communication skills: clear and concise communication; able to address stakeholders of different backgrounds and technical expertise.

Soft Skills SLF Requirements:
• Collaboration & Customer Orientation (++)
• Intercultural Sensitivity (+)
• Team Development (+)
• Ability to multi-task and handle multiple assignments simultaneously, while focusing on delivery quality (++)
• Ability to use initiative when needed (self-motivation and proactive attitude) (++)
• Excellent communication skills (both written and verbal) in English (++)
• Quick learner and aptitude to get into new technologies and architectures (++)

Required education, skills and personality requirements

Required education
University education (Bachelor's degree)
University education (Master's degree)
Postgraduate (Doctorate)

Language skills

We offer

• Adjustable standing desk as a standard
• MSDN license for each developer with prepaid access to AZURE
• Free access to PLURALSIGHT – the WBT platform
• Team building program - 2 days adventure offsite meeting for all employees every year, Christmas party, extra budget for team building events
• Participation on world famous IT conferences like Microsoft IGNITE for best employees
• Wide project portfolio in healthcare domain and job rotation within company (Cybersecurity, Artificial Intelligence, Healthcare IT services, …)
• Training and development program (business and product trainings, e-learning, language courses, soft skills trainings,…)
• Health program (contracted wellness providers, sport centers, salary reimbursement in case of illness)
• Retention program (work anniversary, life anniversary, additional pension plan, employee loans)
• Family care program (subsidy for newborns, maternity leave, kindergardens, summer camps)