Role: Threat Detection and Response Expert
Team description and details of role
The Threat Detection & Response Manager works within the Security Operations Center (dbSOC), which is set up within a Follow-the-Sun model. He/she is responsible for the monitoring, detection and analysis of information security events and incidents.
Additionally, he/she acts as a specialist for information security incident response processes to protect the Bank, its partners and clients from any potential loss. Besides operational tasks, he/she will support the evaluation and adjustment of processes, tools and reporting, as well as lead smaller projects.
The objective is to identify and close gaps in event detection, as well as to improve the detection, analysis and response to security events, ideally in an automated way.
The focus is on events in the areas of network, endpoint and cloud security (GCP/Chronicle).
Responsibilities
- Perform risk assessments to evaluate the criticality of information security events
- Monitoring, detection and analysis of security-relevant events, including response and documentation
- Improvement of the current threat detection capabilities, ideally via automation of standard processes
- Ensuring effective daily operations and managing the workload of the Threat Detection & Response Team
- Acting as escalation and contact point for more critical cases, complaints or process queries
- Definition, review and enhancement of Threat Detection & Response processes and tools
- Ensuring that predefined processes and SLAs are met
- Reporting of Information Security Incidents to Senior Management and regulators.
- Supporting the entire SOC team with your security expertise and process know-how
- Disciplinary leadership of a small team.
Required Experience
- Good understanding of enterprise technologies, especially security devices, network engineering, operating systems, databases and security configurations at the application level
- Experience with analyzing system logs, including network traffic logs, payload and event logs, application logs, firewall logs, Active Directory logs, etc.
- Experience with Security Information and Event Management (SIEM) systems, ideally with Splunk Enterprise Security and Chronicle SecOps
- Good knowledge of current threat landscape and attack scenarios/tactics as well as containment and protection measures
- Fluent English skills
- Very good communication, analytical and documentation skills
- Independent way of working with strong problem-solving ability
- Experienced in communicating with higher management levels
- Ideally project management skills and experience
- Ideally experience in KPI reporting
- Ideally first leadership experience
Education/Experience
- Degree in IT, Information Security or a comparable field, or a comparable apprenticeship
- Cyber security expertise proven by industry-standard certifications such as CISSP, CISM, GCIH or similar
- Ideally experience with cloud monitoring (Azure, Google)
- Knowledge of risk assessment tools, technologies and methods
- Experience with monitoring and logging tools (e.g. Splunk)
- Experience with cloud native SIEM or SOAR tools (e.g. Google Chronicle)