At H&M Group, we believe in making great design available to everyone. It’s essential in everything we do. Our family of brands — H&M, COS, Monki, Weekday, & Other Stories, H&M Home, ARKET, Afound  and H&M Home — offer customers around the world a wealth of fashion, beauty, accessories and homeware.

Within H&M's Cyber Security tech centre, our Cyber Defense Centre (CDC) is a key security function at H&M, forming the last line of defense when other security controls fail, safeguarding company staff and assets 24/7. 

Working in the H&M Cyber Defense Center you will work with world class tooling for threat hunting, detection and response based on cloud technology (For example, Azure Sentinel, Defender for Endpoint, Defender for O365, GCP SCC, Akamai, and more) with a dedicated team of DevOps engineers constantly develop tooling to support analysis, response and automations.

Our Cyber Defense Center is the beating heart in the defense of our company, combining intelligence, monitoring, incident response and threat hunting with an engineering mindset to make the most out of people and technology. 

As a Cyber Security Analyst in our CDC, you play a key role in H&M Group’s Cyber-Defense. You understand cyber security threats and the threat landscape, act to detect, analyze and respond to cyber-attacks, manage incidents and reduce risk to customers, colleagues, partners and the company. You will work with the team to improve the capabilities to reduce response time but at the same time maintain quality. We are taking advantage of the latest technology in intelligence and automation. Ultimately the aim is to bring value to our business by reducing risk! 

Responsibilities 

In this role you will be responsible for:  

• Analyze security incidents, alerts, and events​. 
• Investigate incidents according to SOP's and best practice​. 
• Perform remediation activities according to SOP's and best practice.​ 
• Interaction with stakeholders to support investigation and remediation​. 
• Escalation of major incidents according to SOP's 
• Support major incident response activities.​ 
• Improve detection, whitelisting, and automation for incident and alert handling​. 
• Improve and document SOP's

•  Can explain the principal requirements of major legislations and regulations relevant to information security.
• Can explain the principles of threat intelligence, modelling and assessment.
• Can explain the principles of a computer system, network and storage security architecture and how these can be used to reduce information risk. 
• Can explain the main principles and processes involved in conducting a compliance monitoring exercise. 
• Have experience with operating as a member of an intrusion and analysis team member. 
• Have experience with Incident management, investigation and response. 
• Have experience with developing custom detection in either SIEM or EDR solutions and understands the logic behind it. 
• Understands local (organization or project) identity and access management policies and processes and the operation of any IAM system. 
• Knowledge of network communication, cloud infra, OS and applications. 
• + 3 years of experience as a Security Analyst.  

Specific competence 

• Experience with SIEM and logging environments for threat analysis, investigate, threat hunting and triage analysis on various security solutions such as firewalls, IDS, identity protection, etc. 
• Experience with EDR (Endpoint Detection and Response) as part of incident response and investigation 
• Understand attack mitigations and improvements related to OWASP.
• Experience with Bot Management 
• Experience with Content Delivering Networks (CDN)  
• Experience in network-based detection technologies like IDS/flow analysis, PCAP-analysis, etc. 
• Experience in cloud-based computing on large scale (preferably Microsoft Azure, but also GCP or AWS) 
• Understand of threat landscape, trends and act proactively on threat intelligence 
• Good understanding of fundamental infrastructure components, network concepts, Operating Systems (Windows & Linux), intrusion, email systems, DNS, TCP/IP, etc. 
• Willing to work in a team-oriented environment and flexibility to work in a demanding environment, sometimes under time-pressure 
• Experience in complex incident response, investigation processes and documentation of incident cases 
• Basic knowledge in PowerShell and Python. 
• Curious, motivated and team player. 

Do you want to join us? We will trust you with great responsibility right from the start, reward a passionate mindset and encourage an entrepreneurial spirit. When you start a career with H&M Group, there’s no limit to where it can take you. 

This is a full-time position in Stockholm. If you feel that your experience, skills and ambitions are right for this role, please apply for the role below and attach your resume (no need for cover letter).

We look forward to receiving your application! 

H&M Group is committed to creating a Diverse & Inclusive environment and we are actively looking for qualified candidates irrespective of race, gender, gender identity, sexual orientation, ethnicity, religion, national origin, disability, or age.