To strengthen the Computer Security Incident Response Team (CSIRT) of our client, an international company in the financial sector, who provides first class global security solutions and services for internal clients giving you the opportunity to work in an international context and international environment, we are looking for a
(Senior) Security Incident Response Engineer in a high complex environment with excellent career opportunities for the location in Basel
In this role you will work as a subject matter expert/hunter and will be the leader of a Computer Security Incident Response Team (CSIRT) in a Security Operations Center (SOC) and will be responsible, in a hands-on position, to implement critical incidents integration with Security Information and Event Management (SIEM) tool, monitor and investigate alerts with Managed Security Service (MSS), propose security measures to mitigate the origin of the problems and interact with Information Technology (IT), Information Security and business teams to resolve the incidents: in other terms the Lead Incident Response will manage the 24x7x365 operations of the SOC.
In addition to that you will be able to start the SIEM project for our client from scratch, and will lead all process definition regarding a Security Operations Center Implementation. Furthermore you will be responsible to define with Business, Information Technology and Information Security leaders which are most critical incidents that must be monitored by the SIEM tool, detail how SIEM will identify the incident, follow the implementation with delivery team and define the processes detailing all actions that must be done in occurrence of those incidents.
You will also take on other responsibilities such as:
- Closely involved in developing, tuning and implementing threat detection analytics; performs deep-dive incident analysis by correlating data from various sources; determines if a critical system or data set has been impacted; advises on remediation; provides support for new analytic methods for detecting threats; execute forensic analysis
- Performs incident response and malware analysis to investigate incidents and potential indicators of compromise; acts as an incident hunter not only waiting for escalated incidents
- Maintain current knowledge of tools and best-practices in advanced persistent threats, tools, techniques, and procedures of attackers; and forensics and incident response; research and incorporate relevant threat intelligence during the investigation and in written and verbal reports
- Develop, document and manage containment strategy
- Be a technical reference to CSIRT; elaborate processes of SOC and CSIRT; tune provided SIEM System, to reduce false positives and discover previously unknown threats
- Maintain confidentiality of operations and investigations
- On-call duties are required to attend critical events
To cope with the tasks you have several years of experience in IS as well as with SOC and being part of a CSIRT. Ideally you have a university degree in computer science, Information security area (University of applied sciences, University) or equivalent education/further education in a related field. A valid work permission for Switzerland is mandatory.
In addition, you can demonstrate knowledge of the following points:
- Minimum two worldwide recognized of following certifications to prove deep and vast security knowledge: CISSP: Certified Information Systems Security Professional; SANS SEC503: Intrusion Detection In-Depth; SANS SEC504: Hacker Tools, Techniques, Exploits and Incident Handling; SANS FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques; CEH: Certified Ethical Hacker
- Advanced network forensics, host-based forensics, incident response procedures, log reviews, reverse engineering, malware detection and threat intelligence
- Previous experience with security information and event management (SIEM) tool; knowledge in data correlation; Knowledge in regular expression; Experience with script language; Expertise in analysis of TCP/IP network communication protocols;
- Well versed on the latest attacks, vulnerabilities, and trends associated with cyber security; Knowledge in firewalls, intrusion detection systems (IDS), networking, windows, linux, data loss prevention (DLT), virtualization and cloud computing
- Exceptional written communication to elaborate periodical reports; Team working skills