SOC Analyst

Serves as a contact person to users for cyber security issues, mainly engages in real-time (threshold) security monitoring, event evaluation, alert triage, and incident response. Identifies/filters false positives for process optimization. Responsible for verification, assessment, and classification of reported Cyber Security incidents. Communicates incident remediation status and escalates to relevant parties.

Handles incidents according to response plans/runbooks and escalates incidents to related parties, Tier 2 or Tier 3 for remediation. Reviews incidents after closure for potential detection and process improvements. Supports discovery, configuration, and vulnerability scanning. Work on tickets and alerts, by following agreed procedures.

Job Description:

• Perform real-time proactive security monitoring, detection and response to security events and incidents within the protected environment from the various SOC entry channels (SIEM, Tickets, Email and Phone).
• Manage incident response including incident detection, analysis, containment, eradication, recovery, and chain of evidence/ forensic artifacts required for additional investigations.
• Conduct thorough checklist-based investigation of security events generated by detection mechanisms such as SIEM, IDS/IPS, and AV.
• Categorize the events and raise necessary incidents after a thorough quality check of the event.
• Utilize advanced network and host forensic tools to triage and scope an incident.
• Perform investigation and analytics of network, host-based payloads and artifacts concerning the incident.
• Correlate additional context from the Threat Intelligence (TI) team for the incident during investigation and analysis.
• Participate in Vulnerability Management processes.
• Create recommendations and requirements for content detection and response, SOC processes, procedures and systems.
• Provide technical support for forensics services to include evidence seizure, computer forensic analysis and data recovery, in support of computer crime investigation.
• Work as part of a team to ensure that corporate data and technology platform components are safeguarded from known threats.

Job Requirements:

• Demonstrates a broad awareness of cybersecurity events and threat actors, including trends and emerging systemic risks.
• Good understanding of basic security principles including malware analysis, cryptography, threats and vulnerabilities, access control, application, data, and host security.
• Basic understanding of Operating Systems, Virtualization technologies, Network Devices, Cloud computing concepts, Web Proxies, Firewalls, Intrusion Detection/Prevention Systems, Antivirus Systems, Data Loss Prevention, and Vulnerability Assessment tools.
• Strong understanding of security incident management, malware management and vulnerability management processes.
• Ability to follow through on all phases of the incident response and identify attacks, determine initial vectors, and complete the scope of incidents.
• Knowledge of TCP/IP Protocols, network analysis, network/security applications and common Internet protocols and applications.
• Experience in troubleshooting in a technical environment as well as basic forensics tools and web history tools.
• Excellent English written and verbal skills.
• Proficient in Microsoft Office applications, case management and ticketing systems.
• Security monitoring experience with SIEM technologies (e.g. IBM QRadar, Splunk, Sentinel)

Personal Qualities:

• Innovative and eager to learn in a rapidly evolving field.
• Personality traits, work habits, communication, and social skills are necessary to work effectively within a dynamic and highly operational environment.
• Exemplary personal and professional integrity and demonstrate strong interpersonal skills.
• Excellent analytical and problem-solving skills with strong attention to detail.
• Ability to manage multiple tasks, priorities, and operational assignments in a high-pressure environment.
• Must have good time management skills with a demonstrated ability to complete assignments in a timely, high-quality manner.
• Security Operation Center positions require employees to obtain and maintain a security clearance.

What we offer:

• Highly competitive salary proposal
• Strong employee benefits list: brand new office, private medical insurance, certified training possibilities, 24 vacation days + free birthday leave, regular team-building and company events, as well as other benefits according to company’s benefits policy, Bi-annual bonus based on the seniority within the company, meal tickets and different gift vouchers, etc.
• Possibility of growth within Arvato Systems Global Delivery frame
• Interesting projects and solutions implement and operate for Bertelsmann Group and international external customers
• Committed and helpful team with a "WE" feeling
• Possibility to work in mutual trust and positive team environment, to be creative and improve working flows by self-initiatives
• Friendly, multicultural and cooperation orientated colleagues.