Chief Analyst, Cyber Security Operations

Primary Responsibilities / Key Results Areas
ROLE DESCRIPTION SUMMARY

The position is directly accountable for the proactive monitoring and analysis of security events from multiple sources and for autonomously managing security incidents to ensure a coordinated, timely and effective response. He/she is the front line for SES security incident response readiness and drives the definition, implementation and measurable continuous improvement of SES’s security incident response framework. He/she operates and continuously improves the vulnerability management process across SES and supports key security management processes by collecting, creating and disseminating threat intelligence within the organization as well as to partner organizations.

* Manage the full lifecycle of incident response automation playbooks to ensure the SES security function operates at scale in an intelligent manner
* Continually improve both on-premise and cloud native SIEM platforms to identify security incidents
* Continually improve log parsing and detection rule bases (use cases) by performing regular rule reviews to improve both false-negative and false-positive detections
* Continually validate and improve the technical infrastructure supporting security monitoring and incident response to ensure they are healthy and evolving at pace with emerging threats
* Autonomously work with departments across SES to ensure relevant systems and logs are onboarded to the SIEM
* Manage security incidents autonomously following the established incident response framework to ensure a coordinated, timely and effective response to security incidents.
* Perform in-depth technical analyses of security threats and incidents, including malware analysis, network and system forensic analyses
* Ensure SES security incident response readiness by driving the definition, implementation and continuous improvement of SES’s security incident response framework, including the creation of relevant policies, processes and procedures and incident response tools, and training of actors in the response process
* Collect and analyse security information from different information resources to identify relevant threats and vulnerabilities in order to improve security monitoring and incident response
* Create SES-specific threat intelligence from various data sources, such as managed security incidents, quarantined malware, etc.
* Disseminate synthesised intelligence information within the organization as well as external organizations, such as CERTs, ISACs or partner organizations.
* Manage the vulnerability management process to identify and prioritise vulnerabilities in SES’s systems, applications and services and communicate these to system owners
* Identify and disseminate information on critical vulnerabilities within the organization and propose mitigation plans
* Create and maintain policies, processes, procedures for all cyber security monitoring functions.
* Automate, maintain, and tune the infrastructure and tools of the cyber security operations function (including but not limited to SIEM platform regarding log sources onboarding, log parsing, rules/alerts/reports definition, SOAR platform, sandboxes, EDR tools, forensics workstations)

COMPETENCIES

* Very good analytical and problem-solving skills
* Autonomous with strong self-management skills
* Good coordination and project management skills
* Innovative mind
* Stress resistant and able to manage multiple incidents and tasks at the same time
* Good written and verbal communication skills
* Excellent team player
* Ability to effectively interact with all organization stakeholders

QUALIFICATIONS & EXPERIENCE

Required

* Bachelor’s degree and 9 to 10 years of experience in Cyber Security, Computer Science, Information Technology, or similar field (a combination of experience and education will be considered)
* Knowledge of computer forensics, security vulnerabilities and exploits
* Knowledge in cloud security, system security, application security and network security
* Knowledge of security technologies, such as Antivirus, Network and Host Intrusion Detection, Email Security, Enterprise Detection and Response, Web Proxy/Content Filtering, Authentication technologies, Security Information and Event Management (SIEM), Security Orchestration and Automated Response (SOAR)
* Programming and scripting skills in different languages such as C, SQL, and Python
* Ability to work on-call
* Fluency in English; any other language is considered an asset
* Ability to travel domestically and internationally 10% of the time
* Ability to undergo security clearance process

Preferred

* Security certifications such as GCIH, GCFE, GCFA, GREM, or GCIA
* Experience in malware analysis and reverse engineering
* NATO/EU SECRET clearances

Job number: 8872
