Security Specialist

About this opportunity:

We are looking for a Security Specialist profile within the Cyber Defense Center (CDC) in Group Security. The Cyber Defense Center defends Ericsson from cyberattacks originating from external threat actors. It ensures we are one step ahead of adversaries, identify their plans and means to execute them, block and disrupt their execution, and remove their presence from within Ericsson. Its focus is on sophisticated antagonistic threat actors who can do the most harm to Ericsson as a company. In order to achieve this the cyber defense center consists of four teams: threat intelligence, the red team, a process and governance team, and cyber operations.

What you will do:

24x7 Security monitoring and incident handling across a complex network.
End-to-End triage & investigation of all the threat detections originating from technology.
Participate in incident response.
Support use case development of detection analytics.
Conduct research into new threats, identifying new IOC/TTPs.
Work in shifts with efficient and accurate handover procedures.
Identify improvements in automation and investigation procedures.
Work with the Red team to identify gaps or weaknesses in security coverage.
Create threat hunting use cases through security research and threat intelligence.
Adhere to SLAs for security investigations.

The skills you bring:
A minimum of 7 to 12 years of experience working within a Security Operations Center /Managed Security Services environment.
Organization and project management skills, Good documentation skills, Positive can-do attitude.
Ability to work at odd hours and work constructively under pressure.
Worked across different cultures in a global setting and with many stakeholders.
Impeccable integrity and track record of working with sensitive information.

Technical Competences
The Incident Response Process
Core networking skills
Live Windows, Linux and Memory Forensics
Active Directory Analysis
Network Threat Hunting
Basics of Vulnerability Management
Demonstrable experience with Incidence Response in leading public Clouds - Azure, AWS, GCP
Experience with Microsoft Azure Cloud - Azure Sentinel, Microsoft security stack, MS Graph API, Entra ID
Amazon Web Services (AWS) security tools such as Security Hub, AWS Guard Duty, AWS Macie, AWS CloudTrail
Google Cloud Platform (GCP) security tools such as Chronicle and Security Command Centre
Able to triage & investigate email threats using platforms like Microsoft EOP, Trellix, Proofpoint
Working knowledge of `Security products like Endpoint Detection Response (EDR), Identity Threat Detection (ITDR) & Response, Network Detection & Response (NDR) from leading vendors like Trellix, CrowdStrike, MS Defender for Endpoint, Vectra
Experience in IT Security and risk management.
Security related certification like SANS GCIH, GCIA, GMON, GREM, CEH, CISSP, CHFI and Incident Response certification is an added advantage.