Incident & Threat Response Specialist
The ideal candidate will meet the following requirements:
- Bachelor’s degree, preferred in Computer Science and Engineering, or comparable training with professional experience in the relevant area
- Certification related to technical security (e.g. GIAC, OSCP, CEH) and willingness for continuous further qualification in relevant topics
- Ability to work in large international projects related to strategic topics and transformation initiatives
- Demonstrated ability to work effectively as part of a diverse and cohesive team of technically interested colleagues
- Demonstrated enthusiasm for Information Security (e.g. GitHub repo, blogs, presentations, conference talks, participation in free skill-building / hacking challenges)
- Strong analytical and communication skills, and out-of-the-box thinking with a problem-solving mindset
- Solid work experience in a global organization
- Excellent written and oral knowledge of, and fluency in, English
The ideal candidate must be in possession of skills, and demonstrate solid practical hands-on experience, in most of the following areas:
- understanding of the life cycle (so-called "Kill Chain") of cyber security attacks, understanding of intrusion-set tactics, techniques and procedures (TTPs), and experience in designing and developing detective controls / use cases along the Kill Chain,
- ability to understand and perform analysis of security events in central tools (e.g. SIEM, Syslog) and practical experience in working with some of the main commercial tools (e.g. Splunk, QRadar),
- solid understanding of network protocols and technologies, and ability to perform traffic analysis with common tools (e.g. Wireshark, TCPDump),
- proficiency in creating and customizing automation tools using multiple common programming / scripting languages (e.g. Python, PowerShell, Bash, Perl, Ruby, PHP),
- ability to perform static and dynamic malware analysis and reverse engineering, with commercial and open-source tools (e.g. Cuckoo Sandbox, YARA, Virus Total),
- solid understanding of EDR concepts for performing threat detection / response and forensic analysis, and experience in working with some of the main commercial tools (e.g. CrowdStrike, ATP Defender, Cortex),
- knowledge of typical core security prevention and detection tools (e.g. FW, IDS, WAF, AV, proxy) and experience performing analysis of related security events and logs.