In our holistic view of Cybersecurity Operations, the Blue Team not only detects and reacts to attacks but also strives to continuously improve the cybersecurity posture and maturity of our organization. Blue Teamers are natural problem solvers and take personal satisfaction in every step towards improvement.
In this role you support the continuous improvement of the organization's cybersecurity maturity, primarily on the defensive security side but to a certain extent also on organizational and process aspects. You are responsible for addressing findings from audits, pentests or cybersecurity incidents and turning them into actionable measures towards sustainable improvement. Likewise, you have the freedom to employ your technical abilities to find weaknesses on your own and to propose the most suitable measures to set issues straight.
Tasks and Responsibilities
The position will bring a mix of the following tasks and responsibilities:
- Coordinate the remediation of audit, pentest or red team findings in close collaboration with the respective teams, ensuring that the solutions are designed to be sustainable and scalable.
- Coordinate and participate in Red Team-Blue Team exercises and derive learnings that turn into improvement of our defenses.
- Proactively ensure that feedback from security architects, developers and operations teams on the suggested measures is properly incorporated into our architectures, control frameworks and incident response process.
- Analyze currently existing security data sources and derive patterns and use cases for the detection of incidents or anomalies.
- Expand detection coverage by including new data sources or by making recommendations on how to increase their value for incident detection and response.
- Standardize data sources and data quality by creating standard configuration profiles, and support partner teams in implementing them.
- Derive trends from data sources and turn them into insights and knowledge that improve the defense mechanisms and security architecture of systems and networks.
- Develop and carry out proactive threat hunting activities, making sure that learnings are properly delivered and implemented to neighboring teams and functions.
- Leverage threat hunting to create and maintain situational awareness for related company functions such as IT operations, security architects, or service providers.
- Assess newly arising vulnerabilities and Tactics, Techniques and Procedures (TTPs) to define defensive measures to detect and disrupt adversarial actions. Coordinate with neighboring functions to ensure those measures are turned into actionable changes.
- Perform analysis of different log files and data sources to identify adversarial activity and anomalies.
- Consider business aspects to support an adequate triage and prioritization of cybersecurity incidents, whilst ensuring that root causes are properly clarified and addressed. Communicate findings and possible improvement measures in an actionable way.
- Understand and employ defense-in-depth principles and practices to create and maintain protection mechanisms.
Knowledge of relevant technological aspects for this position: the ideal candidate should bring a mix of expertise in (a subset of) the following areas:
- Computer networking concepts and protocols, and network security methodologies
- Risk management processes and methods for assessing and mitigating risk.
- Laws, regulations, policies, and ethics as they relate to cybersecurity and privacy. Cybersecurity and how it impacts privacy principles.
- Knowledge of cyber threats and vulnerabilities: how to properly identify, triage, and remediate malware and threats based on threat intelligence as well as on analysis of log data and network traffic.
- System administration, network, and operating system hardening techniques.
- Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
- Incident categories, incident responses, and timelines for responses.
- System and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, code and command injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
- Experience with operating system security controls on common platforms such as Linux and Windows.
- Experience with scripting languages (e.g., Python, Bash or PowerShell) and with using REST APIs, as well as data processing, regular expressions, and console-based text processing tools (e.g., sed, awk, jq).
- Cloud service models and how those models can limit incident response.
- STEM studies are highly desirable but might be traded off for relevant experience.
- 3+ years of relevant work experience in Cybersecurity Operations of mid-size to large high-tech and healthcare organizations, as well as experience working in geographically distributed teams, is highly valuable.
- Relevant industry certifications such as SANS/GIAC (e.g., GCIA, GCIH, GNFA, GCFA), CompTIA Security+, CISSP, CISA, CISM, as well as vendor-related certifications, are desirable.
- Expected time travelling abroad: 0-25%.
- Able to build long-lasting working relationships across different business areas and IT departments and foster technical collaboration and exchange.
- Able to work on a very tight schedule, while keeping track of task progress and deadlines.
- Able to structure complex problems and find practicable solutions to those.
- Team player but also able to work on an individual basis.
- Self-learning and curiosity to keep pace with the ever-evolving cybersecurity developments are highly appreciated.
- Advanced English and Communication skills: clear and concise communication; able to address stakeholders of different backgrounds and technical expertise.
Soft Skills SLF Requirements
- Strategic Innovative Orientation (+)
- Leadership (+)
- Collaboration & Customer Orientation (++)
- Intercultural Sensitivity (+)
- Team Development (+)
- Ability to multi-task and handle multiple assignments simultaneously, while focusing on delivery quality (+)
- Ability to use initiative when needed (self-motivation and proactive attitude) (++)
- Excellent communication skills (both written and verbal) in English (++)
- Quick learner and aptitude to get into new technologies and architectures (++)
- Adjustable standing desk as a standard
- MSDN license for each developer with prepaid access to AZURE
- Free access to PLURALSIGHT – the WBT platform
- Team building program: 2-day adventure offsite meeting for all employees every year, Christmas party, extra budget for team building events
- Participation in world-famous IT conferences like Microsoft IGNITE for the best employees
- Wide project portfolio in the healthcare domain and job rotation within the company (Cybersecurity, Artificial Intelligence, Healthcare IT services, …)
- Training and development program (business and product trainings, e-learning, language courses, soft skills trainings, …)
- Health program (contracted wellness providers, sport centers, salary reimbursement in case of illness)
- Retention program (work anniversary, life anniversary, additional pension plan, employee loans)
- Family care program (subsidy for newborns, maternity leave, kindergartens, summer camps)
Basic wage component (gross) and other rewards: starting from 2000 EUR gross per month + VAR*
*We are required by law to disclose the basic wage component (minimum salary) for the advertised positions. We carefully consider your professional qualifications and experience in our compensation package and/or when offering you other positions.
Our goal is to pay our employees fairly, with regard to the market situation, and we are ready to welcome high-quality candidates to our team.
Organization: Information Technology
Company: Siemens Healthcare s.r.o.
Experience Level: Experienced Professional
Job Type: Full-time