Aktiviere Job-Benachrichtigungen per E-Mail!

IT Security Engineer (Cyber Incident Response and Threat Hunting) - CERT - Group Security (f/m/d)

Deutsche Börse

Deutschland

Vor Ort

EUR 60.000 - 100.000

Vollzeit

Vor 28 Tagen

Erhöhe deine Chancen auf ein Interview

Erstelle einen auf die Position zugeschnittenen Lebenslauf, um deine Erfolgsquote zu erhöhen.

Zusammenfassung

Ein innovatives Unternehmen sucht einen engagierten Incident Response Engineer für sein Cyber Emergency Response Team. In dieser spannenden Rolle sind Sie verantwortlich für die Leitung von Cyber-Sicherheitsvorfällen, die Durchführung technischer Analysen und die Entwicklung von Initiativen zur Verbesserung der Reaktionsfähigkeit auf Sicherheitsvorfälle. Sie werden eng mit verschiedenen Teams zusammenarbeiten, um Bedrohungen zu identifizieren und zu bewältigen, während Sie sich auf die Automatisierung von Prozessen konzentrieren. Wenn Sie eine Leidenschaft für Cybersicherheit haben und in einem dynamischen Umfeld arbeiten möchten, ist dies die perfekte Gelegenheit für Sie.

Qualifikationen

Erfahrung in CERT oder SOC mit IS Incident-Untersuchungen.
Kenntnisse über Cyber-Bedrohungen und Schwachstellen.

Aufgaben

Leitung von Cyber-Sicherheitsvorfällen und technische Analyse.
Entwicklung von IR-Initiativen zur Verbesserung der Reaktionsfähigkeit.

Kenntnisse

Incident Response

Threat Hunting

Cyber Threat Intelligence

Problem Solving

Report Writing

Team Collaboration

Ausbildung

Relevant Industry Certifications (e.g., SANS/GIAC)

Degree in Cybersecurity or related field

Tools

SIEM

SOAR

Python

Shell scripting

GCP

Azure

Area of work:

Cyber Emergency Response Team (CERT) is the central unit for Information Security Incident Response. CERT performs its activities in strict cooperation with the Security Operation Center (SOC) and Cyber Analytics team, responsible for Cyber Threat Detection development, Threat Intel analysis, and Threat Hunting.

DBG CERT is looking for a highly motivated and curious Incident Response Engineer with experience in the identification, containment, and mitigation of IS incidents. You will be involved in all stages of IS Incident Response as well as in the Threat Hunting program. You're also expected to support the SOAR task force to automate detection and remediation and help us build the next generation of security operations and response platform within the Cyber Defense section.

Your responsibilities:

Lead cyber security incident response engagements covering incident handling and coordination, in-depth technical analysis, and investigation through to recovery.
Develop IR initiatives that improve our capabilities to effectively respond and remediate security incidents (e.g., defining SIEM use-cases, identifying threat hunting hypothesis, promoting red-teaming activities, etc.).
Perform analysis of logs from a variety of sources (on-premises and cloud-based) identifying potential threats.
Perform root cause analysis and drive implementation of containment and mitigation strategies.
Perform post-incident lessons learned, root cause analysis, and incident reporting.
Participate in Blue/Red teams exercise to test and improve our monitoring and response capabilities.
Build automation for response and remediation of malicious activity.
Recommend security measures to address cyber threats identified in a proactive-based approach.
Help to improve the CERT process excellence by maintaining information security documentation in line with regulatory requirements.

Your profile:

Previous experience in a CERT or SOC team as well as involvement in IS Incident investigations.
Knowledge of cyber threats and vulnerabilities: how to properly identify, triage, and remediate threats based on threat intelligence as well as on analysis of security events, log data, and network traffic.
Expert working knowledge of technical and organizational aspects of information security, e.g., through prior defensive or offensive work experience.
Solid understanding of cyber threats and MITRE ATT&CK framework.
Deliverable-oriented, with strong problem-solving skills and adaptation in a complex and highly regulated environment.
Team player willing to cooperate with multiple colleagues across office locations in a cross-cultural environment.
Good report-writing skills to present the findings of investigations.
Available during the working hours (Mo-Fr) + on-call duty.
Fluent in spoken and written English, including security terminology; proficiency in German is a plus.

Nice to have:

Background in Malware Analysis, Digital Forensics, and/or Cyber Threat Intelligence.
Experience in Threat Hunting including the ability to leverage intelligence data to proactively identify and iteratively investigate suspicious behavior across networks and systems.
Development of automation of various CERT/SOC processes via SOAR solution.
Development (e.g., Python, Shell scripting).
Cloud Security expertise (primarily GCP and Azure).
Vulnerability Handling / Management.
Relevant Industry Certifications such as SANS/GIAC (e.g., GCIA, GCIH, GNFA, GCFA), CompTIA (Security+, Cloud+, PenTest+), OSCP, eLearnSecurity are desirable.

Hol dir deinen kostenlosen, vertraulichen Lebenslauf-Check.

eine PDF-, DOC-, DOCX-, ODT- oder PAGES-Datei bis zu 5 MB per Drag & Drop ablegen.