- Triage the security events that are escalated by our SOC team.
- Coordinate and lead Incident Response (IR) taskforces and provide technical expertise, working with different business functions such as IT Operations, HR, Legal, Data Privacy, Corporate Communications and Product Security.
- Derive immediate mitigation measures for containment, eradication and recovery of cybersecurity incidents and keep track of its implementation progress during incident response task forces.
- Leverage threat hunting to create and maintain Situational Awareness for related company functions such IT operations, security architects, or service providers.
- Perform analysis of different log files and data sources to identify adversarial activity and anomalies.
- Assess newly arising vulnerabilities and Tactics, Techniques and Procedures (TTPs) to define defensive measures to detect and disrupt adversarial actions. Coordinate with neighboring functions to ensure those measures are turned into actionable changes.
- Collect forensic artifacts, analyze, reverse engineer, and document findings on malicious payloads so that indicators of compromise and information about threats origin and intents are properly disseminated and acted upon.
- Consider business aspects to support an adequate triage and prioritization of cybersecurity incidents, whilst ensuring root-cause is properly clarified. Communicate findings and possible improvement measures in an actionable way.
- Organize lessons learned sessions after the incidents in order to support in the improvement of the current security posture of the company.
- Collaborate with the rest of the CSIRT team in the creation of IR playbooks.
- Collaborate with other CSIRT and CERT teams in Incident Response when multiple companies are impacted.
- Computer networking concepts and protocols, and network security methodologies.
- Knowledge of cyber threats and vulnerabilities: how to properly identify, triage, and remediate threats based on threat intelligence as well as on analysis of log data and network traffic.
- Host/network access control mechanisms (e.g., access control list, capabilities lists).
- System administration, network, and operating system hardening techniques.
- Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
- Incident response and handling methodologies.
- Intrusion detection methodologies and techniques for detecting host and network-based intrusions.
- Network traffic and packet-level analysis.
- System and application security threats and vulnerabilities (e.g., buffer overflow, cross-site scripting, code and command injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
- Experience doing forensic analysis of both Linux and Windows systems.
- Experience with Malware analysis, sandboxes, reverse engineering, and tools such as Radare2, OllyDbg, and Hex-Rays IDA Pro.
- Experience with operating system security controls on common platforms such as Linux, Windows.
- Experience with scripting languages (e.g., Python, Bash or PowerShell) and using REST API, as well as data processing, regular expressions, and console-based text processing tools (e.g., sed, awk, jq).
- Models to describe and document cyber-attacks (e.g., reconnaissance, scanning, enumeration, persistency, lateral movement, exfiltration) such as Cyber Kill Chain or MITRE ATT&CK.
- Cloud service models and how those models can limit incident response.
- Application Security Risks (e.g., Open Web Application Security Project Top 10 list).
- STEM studies are highly desirable but might be traded-off for relevant experience.
- 5+ years of relevant work experience in Cybersecurity Operations of mid-size to large high-tech and healthcare organizations as well as working in geographically distributed teams is highly valuable.
- Relevant Industry Certifications such as SANS/GIAC (for example, GCIA, GCIH, GNFA, GCFA), CompTIA Security+ CISSP, CISA, CISM are desirable.
Organization: Siemens Healthineers
Company: SIEMENS HEALTHCARE, S.L.U.
Experience Level: Mid-level Professional
Full / Part time: Full-time