Senior Cybersecurity Detection Analyst

At Getronics we are looking to expand our IT Security team by incorporating a Cybersecurity Detection Analyst in remote mode during office hours although if you live in Barcelona or surroundings it would be great as our SOC is located there (not a must).

The person joining will help us build on the existing ATT & CK based managed manual for the Getronics Security Operations Center and develop it to the next level of maturity and capability. In addition, you will support us with the day-to-day threat detection work of a team of analysts serving a wide range of customers in different industries, as well as Getronics' private and hybrid cloud services and internal IT.

REQUIREMENTS

• Minimum two years of experience as Cybersecurity Detection Analyst and working with SIEM technology (QRadar, LogRhythm, Splunk Elastic Security, InsightsIDR, AlienVault OSSIM, etc.).
• Previous experience in other cybersecurity technical areas, e.g. SOC Analyst, Cyber Intelligence Technical Analyst, pentester, etc.
• Experience with hands-on implementation of detection playbooks based on the MITRE ATT&CK framework.
• Experience as a problem solver and analytical thinker.
• Experience and solid understanding of the information security threat landscape, such as attack vectors and best practices to protect systems and networks.
• Experience and/or advanced knowledge with at least two of the following technologies - Python, RegEx, Sigma and YARA.
• Experience with performance tuning correlation rules.
• Strong communication skills, ability to summarize well and write clear documentation.
• Fluent English, written and spoken as you will have international level interlocutions.
• Structured and results oriented way of working.

One or more of the following would be an asset, although not essential:

• Strong understanding of common logging and analysis formats, including cloud technologies.
• Experience with MITRE D3FEND
• Solid understanding of the cyber threat landscape.
• Desirable certifications/training: SANS SEC511 continuous monitoring (GIAC GMON certification), SIEM certifications (any fabricant), Cloud certifications (AWS, Azure, other).
• Engineering / Master's degree in Computer Science or Security, etc.

FUNCTIONS

• Develop threat detection rules to identify modern attacker techniques and tactics in close collaboration with threat intelligence, incident response, security analysts, security architects and infrastructure teams.
• Maintain the existing rule base to ensure effectiveness and efficiency and apply lifecycle management to extinguishment rules where appropriate
• Evaluate coverage against the ATT&CK framework to identify gaps and opportunities for improvement
• Develop and maintain effective metrics
• Support on-demand compliance use cases
• Identify need, create and maintain lists as needed to support correlation rules
• Create dashboards to support specific use cases for threat detection and train analysts in their use
• Provide guidance to threat search activities, e.g., by developing efficient search queries
• Develop detection strategies for existing and emerging business needs in collaboration with business and IT teams
• Analyzing alert trends to drive improvement
• Maintaining and improving data collection and co management frameworks and documentation