At Getronics we are looking to expand our IT Security team by adding a Cybersecurity Detection Analyst working remotely during office hours. Living in Barcelona or its surroundings would be a plus, as our SOC is located there, but it is not a must.
The person joining will help us build on the existing ATT&CK-based detection playbook for the Getronics Security Operations Center and take it to the next level of maturity and capability. In addition, you will support the day-to-day threat detection work of a team of analysts serving a wide range of customers in different industries, as well as Getronics' private and hybrid cloud services and internal IT.
REQUIREMENTS
- Minimum two years of experience as a Cybersecurity Detection Analyst working with SIEM technology (QRadar, LogRhythm, Splunk, Elastic Security, InsightIDR, AlienVault OSSIM, etc.).
- Previous experience in other cybersecurity technical areas, e.g. SOC Analyst, Cyber Intelligence Technical Analyst, pentester, etc.
- Experience with hands-on implementation of detection playbooks based on the MITRE ATT&CK framework.
- Experience as a problem solver and analytical thinker.
- Experience and solid understanding of the information security threat landscape, such as attack vectors and best practices to protect systems and networks.
- Experience and/or advanced knowledge of at least two of the following technologies: Python, RegEx, Sigma and YARA.
- Experience with performance tuning of correlation rules.
- Strong communication skills, ability to summarize well and write clear documentation.
- Fluent English, written and spoken, as you will interact with international stakeholders.
- Structured and results-oriented way of working.
One or more of the following would be an asset, although not essential:
- Strong understanding of common logging and analysis formats, including cloud technologies.
- Experience with MITRE D3FEND.
- Solid understanding of the cyber threat landscape.
- Desirable certifications/training: SANS SEC511 continuous monitoring (GIAC GMON certification), SIEM certifications (any vendor), cloud certifications (AWS, Azure, other).
- Engineering / Master's degree in Computer Science or Security, etc.
FUNCTIONS
- Develop threat detection rules to identify modern attacker techniques and tactics in close collaboration with threat intelligence, incident response, security analysts, security architects and infrastructure teams.
- Maintain the existing rule base to ensure effectiveness and efficiency, and apply lifecycle management to retire rules where appropriate.
- Evaluate coverage against the ATT&CK framework to identify gaps and opportunities for improvement.
- Develop and maintain effective metrics.
- Support on-demand compliance use cases.
- Identify the need for, create and maintain reference lists as required to support correlation rules.
- Create dashboards to support specific threat detection use cases and train analysts in their use.
- Provide guidance to threat hunting activities, e.g., by developing efficient search queries.
- Develop detection strategies for existing and emerging business needs in collaboration with business and IT teams.
- Analyze alert trends to drive improvement.
- Maintain and improve data collection and co-management frameworks and documentation.