The position is responsible for monitoring and analyzing security events from
multiple sources and for managing security incidents to ensure a coordinated,
timely and effective response to security incidents.
The job holder ensures SES security incident response readiness and drives the
definition, implementation and continuous improvement of SES’s security
incident response framework.
He / She supports key security management processes by providing intelligence
from security incidents and identified vulnerabilities and threats.
PRIMARY RESPONSIBILITIES / KEY RESULTS AREAS
* Collect and analyze security information from different information resources to identify relevant threats and vulnerabilities and disseminate synthesized intelligence information within the organization
* Monitor and analyse security events from multiple sources to identify security incidents
* Perform in-depth technical analyses of security threats and incidents, including malware analysis, network and system forensic analyses
* Manage security incidents to ensure a coordinated, timely and effective response to security incidents:
* Assess and triage security incidents and coordinate the appropriate notifications and escalations in a timely manner
* Coordinate response actions in virtual incident response teams
* Document security incidents, including analysis results, the timeline of events and incident response activities
* Ensure SES security incident response readiness by driving the definition, implementation and continuous improvement of SES’s security incident response framework, including:
* relevant policies, processes and procedures,
* incident response tools and
* training of actors in the response process.
* Provide synthesized intelligence from different information resources and security incidents to support key security management processes, such as
* the development and promotion of information security policies, standards, processes and procedures and monitoring compliance to the information security policy framework
* information security risk management and
* the development and maintenance of SES’s information security awareness program
* On-call duty as required
COMPETENCIES
* Ability to coordinate cross-functional incident response teams and work
* Excellent experience in managing large and small scale incidents
* Autonomous
* Innovative mind
* Strong analytical and problem solving skills
* Stress resistant and able to manage multiple incidents and tasks at the same time
* Good written and verbal communication skills
* Excellent team player
* Ability to effectively interact with all organization stakeholders
Qualifications & Experience
* Minimum Bachelor’s Degree in Computer Science or equivalent
* Minimum of six years industry related experience in computer security and incident response
* Excellent experience managing large and small scale incidents
* Solid knowledge of and hands-on experience with state of the art incident response and forensics tools, techniques and tactics
* Experienced in employing best practices and forensically sound principles, such as evidence handling and chain of custody
* Good experience in malware analysis and reverse engineering
* Experienced in capturing memory, disk images and network traffic and analyzing them for indicators of compromise
* Good experience in analyzing and triaging security events from various sources
* Good programming and scripting skills in different programming/scripting languages
* Excellent understanding of the tools and tactics used by different threat agents
* In-depth knowledge of computer forensics, security vulnerabilities and exploits
* Strong knowledge in system security, application security and network security
* In-depth system security knowledge (multiple operating systems, including Windows platforms, and Linux) and application security knowledge, including a clear understanding of their vulnerabilities, exploits and how to secure them
* Solid working knowledge of security technologies, such as Antivirus, Network and Host Intrusion Detection Systems, Web Proxy/Content Filtering, Authentication technologies, Security Information and Event Management
* Relevant security certifications (e.g., GCIH, GCFE, GCFA, GREM, GCIA) and product certifications are a plus
* Fluency in English, any other language is considered as an asset
* Willingness to travel internationally
Other Key Requirements / Comments
* NATO/EU SECRET clearances are considered a strong asset. Candidate must be willing to undergo a security clearance procedure as this position might require holding security clearance
* Openness for worktime flexibility within 06:00am – 10:00 pm timeframe
