Security Analyst

Responsibilities:

• Handling incident response procedures in the Security Operation Center in cooperation with our external IT security service provider
• Interpretation of alarms from SIEM and IDS/IPS systems as well as other common IT infrastructure security solutions
• Evaluation of log data, forensic analysis of malware samples and recommendation of appropriate countermeasures in the event of security incidents
• Anomaly and attack pattern detection along the cyber kill chain, for example as part of threat hunting
• Active stopping of malware propagation, C2 communication, active exploits, infiltrations and data outflows
• IT security support and further technical advice for business departments on IT security issues
• Further development of IT security standards, architectures and processes at EDAG, whilst incorporating the latest technologies and implementing further security alerts and solutions
• Participation in penetration tests

Skills and experience

• Successfully completed degree in computer science, information technology or comparable training
• At least 3 years of professional experience in one of the following areas: Incident Response, Malware Analysis or Pentesting
• Good knowledge of computer networks (OSI layers) and operating systems (Windows/Linux) as well as prior knowledge of analyzing Windows/Linux logs, experience with MacOS is an advantage
• Experience in dealing with common IT security systems as well as manual and tool-supported attack techniques
• Experience with Google Security Operations (formerly Chronicle), Elastic Stack and Microsoft Defender is desirable
• Experience in identifying and evaluating Indicators of Compromise (IoCs) and Threat Intelligence (TI) information, including domain and website analysis as well as assessing domain meta information and reputation.
• Ability to understand complex organizational relationships and areas of responsibility within a large organization and to apply security roles in accordance with information security guidelines
• Analytical thinking and problem-solving skills
• Ability to work independently, take initiative and be resilient in critical situations
• Certifications in offensive or defensive cyber security (e.g. OSCP, CISSP or SANS GIAC) are an advantage
• Fluent English skills