About the role

The Group Security team is embarking on a mission of rapid maturity and requires a highly motivated and talented information security specialist to help guide us on this journey. The Group Security team operates out of Stockholm and is responsible for securing the Kindred Group and its assets. We are searching for that certain someone who is not satisfied with just knowing common standards and frameworks, but instead likes to understand vulnerabilities, their exploitability, how to think like the adversary and, most importantly, how to defend against them. You will have a real personal passion for security (across a broad range of domains) and technology, and an insatiable desire to develop further as a security expert (both technically and generally). Whilst the role is within the security operations line, there is ample opportunity to work across the broader Group Security and assist the Cyber Security line (Red Team) on their initiatives (e.g. penetration testing, DevOps security, etc.).

What you will be doing

- Triage and respond to information security incidents reported via SIEM, ticketing system, email, etc.
- Perform root cause analysis, document findings and collaborate with technology/process owners to prevent future occurrences.
- Research, analyze and understand log sources originating from security and networking devices such as firewalls, routers, proxies, anti-virus products and operating systems.
- Automate manual processes via scripting and utilization of various tools and platforms.
- Perform raw data review in an effort to identify malicious activity for which signatures/content do not exist.
- Assist with the development of new content and tuning/filtering of existing content for SIEM, IDS/IPS and other security technologies.
- Assist management in ensuring the team is executing on core responsibilities such as working incidents through to completion, ticket queue maintenance, documentation, training requirements, etc.
- Work with management to define and update standard operating procedures and response plans.
- Support efforts of stakeholders during all phases of the Incident Response process.
- Serve as a primary escalation point for security incidents.
- Manage or contribute to projects that directly correspond to the maturity and/or capabilities of the Security Operations team.
- Assist with the development and execution of the vulnerability management programme and correlation

What have you done?

- Advanced knowledge of computer networking: TCP/IP, routing and protocols.
- Advanced knowledge of packet structure and previous experience performing in-depth packet analysis.
- Advanced knowledge of Incident Response methodologies and information security best practices/technologies.
- Advanced knowledge regarding the administration, use, securing and exploitation of common operating systems.
- Minimum of 3 years' experience utilising HIDS/NIDS, SIEM, anti-virus, web proxy, packet capture tools and host-based analysis technologies in a security analyst capacity.
- Minimum of 3 years' experience analyzing log sources originating from security and networking devices such as firewalls, routers, proxies, anti-virus products and operating systems.
- Proficiency in log parsing and data analysis (regex is a must).
- Proficiency in Python 3 or another scripting language.
- Demonstrated knowledge of indicators of compromise (IOC) and Advanced Persistent Threats (APT) as they apply to event/incident/offense analysis.
- Research and analytical background and an analytical approach, especially with respect to event classification, event correlation and root cause analysis.
- Able to perform true and false positive event (or offense) analysis with a high degree of accuracy.
- Must exhibit an aptitude for thoroughly researching issues to determine a root cause.
- Must exhibit the ability to take threat intelligence and correlate it within the context of event/incident/offense analysis.
- Familiarity with a standardised incident response framework, and ability to further develop the IRP and triage procedures within the SOC.
- Highly desirable: experience with building and maintaining an effective vulnerability management programme using industry standard technologies.
- Highly desirable: experience with "The Hive" Incident Response Platform and associated technology, or threat intelligence feeds and platforms (e.g. MISP, YARA, VirusTotal, Abuse Finder etc.).
- Highly desirable: experience with cloud platforms like AWS, GCP or Azure.
- Highly desirable: experience with O365.

Education / Qualifications / Professional Certificates

- Desirable: relevant university degree, GNFA, GCFE, GPEN, GREM, OSCP or other technical certification.
- Certification for security operations technology, e.g. SIEM, vulnerability management, HIDS/NIDS solutions, ...