
Cyber Security Analyst / Incident Responder

Generali Italia

Italy

On-site

EUR 40.000 - 60.000

Full-time

2 days ago

Job description

A leading global insurance company is seeking a Cyber Security Analyst / Incident Responder in Italy. You will analyze security alerts, manage incidents, and enhance the incident management process. Ideal candidates should have a STEM degree, knowledge of SIEM technologies, and a passion for cybersecurity. The role involves collaboration with IT teams and requires strong analytical skills. Competitive compensation and opportunities for professional growth are offered.

Skills

  • Strong passion for cybersecurity.
  • Ability to work in multicultural, international environments.
  • Excellent English skills.

Responsibilities

  • Analyze security incidents and assess their severity.
  • Perform threat hunting activities proactively.
  • Manage the incident lifecycle and response.

Knowledge

  • Knowledge of SIEM technologies (QRadar, Splunk)
  • Understanding of attacker tactics, techniques, and procedures
  • Experience in forensic analysis and threat hunting
  • Proficiency in at least one programming language (Python, C, C++, Java)
  • Knowledge of TCP/IP and network protocols

Education

STEM degree

Job description

We are looking for a Cyber Security Analyst / Incident Responder who will report to the Head of CSIRT and will analyze alerts raised by the SIEM and other security systems, managing potential incidents escalated by the SOC and other activators.

The CSIRT Unit is responsible for end-to-end management of Cyber Security Incidents, from detection to containment, eradication, and recovery. The unit also executes threat hunting activities and continuously improves the incident management process. It manages the SOC, IR services, and phishing analysis processes in coordination with other security and IT teams within GOSP.

The Cyber Security Analyst / Incident Responder will execute all incident management activities, from containment to eradication, either directly or by coordinating with other IT departments. The role involves in-depth analysis of emerging threats and performing threat hunting activities using available tools and resources.

The candidate will also support other teams within the CSO Division by:

  • Supporting SIEM use case definition and alert engineering
  • Supporting Vulnerability Management and Prevention
  • Reviewing the effectiveness of EDR detections
  • Supporting other teams within the GOSP CSO Division

Main tasks include:

  • Analyzing security incidents identified by SOC and other activators, assessing severity, containing threats, and defining remediation activities
  • Performing threat hunting activities to identify possible threats proactively
  • Prioritizing incidents to determine appropriate responses and managing the incident lifecycle
  • Identifying events that could disrupt operations, leveraging OSINT and early warnings from the Security Intelligence Team
  • Limiting disruption and restoring normal operations
  • Supporting, monitoring, and controlling mitigation and resolution activities
  • Executing escalation processes during crises or emergencies
  • Providing post-incident analysis and forensic analysis of infected assets
  • Reporting and presenting analysis results to stakeholders
  • Managing and evolving incident management tools

Additional support tasks may include monitoring security events, developing security intelligence tools, evaluating new tools, and supporting attack scenario definitions to minimize risks.

Requirements

Ideal candidates will have:

  • A STEM degree with a strong passion for cybersecurity
  • Knowledge of SIEM technologies (QRadar, Splunk, etc.) and Big Data analytics tools
  • Understanding of attacker tactics, techniques, and procedures
  • Knowledge of security implications and investigation methods for network infrastructure, security infrastructure, OS, core infrastructures, and web services, including TCP/IP and network protocols
  • Experience in forensic analysis and threat hunting
  • Proficiency in at least one programming language such as Python, C, C++, or Java

Nice to have:

  • Certifications like GIAC GCFE, GSEC, CEH, CSX, CHFI, etc.

Soft Skills

  • Passion for cybersecurity
  • Ability to work in multicultural, international environments
  • Strong analytical and communication skills
  • Teamwork and knowledge sharing abilities
  • Excellent English skills
  • Problem-solving and analytical thinking
  • Respect for privacy and confidentiality
  • Resilience, imagination, judgment, and stress resistance

Company Profile

Generali is a leading player in the global insurance industry, present in over 60 countries with nearly 80,000 employees. GOSP, a joint venture between Generali and Accenture, provides IT and procurement services, supporting the Group's innovation and digital transformation from Italy across Europe.
