Cyber Incident Detection Engineer

Zürich - On site
This project is archived and unfortunately no longer active.

Description

Position goals:

The IT Security Engineer builds up cyber incident detection and response capabilities in the IT Service Coordination organization. He or she implements use cases for incident detection in the cyber security area for which the IT Service Coordination organization is the best fit to detect and perform the first analysis of predefined patterns found in events or log files. The IT Security Engineer works in close collaboration with the various IT service owners and the Cyber Defense team, and is responsible for the adequate training of the members of the IT Service Coordination organization.

Main tasks/activities and responsibilities:

  • Identify, analyze and describe use cases for incident detection in the cyber security area that are typically not in scope for individual IT service providers.
  • For each relevant use case, analyze the available information (logs and events), develop an incident detection strategy and evaluate its feasibility.
  • For each incident detection strategy, document in detail the required information sources as well as the exact matching rules or patterns of interest.
  • In close collaboration with the IT service owners, and using the tools available, implement the specified incident detection strategies so that the IT Service Coordination organization is automatically alerted in near real time when a predefined pattern appears.
  • Document runbooks for the IT Service Coordination organization to respond appropriately to alerts on predefined use cases, including procedures to collect evidence, perform a first analysis, distinguish false positives from true incidents, and either contain the incident or escalate it.
  • Train and test the IT Service Coordination organization on the use cases to be performed.

Required skills:

  • Self-motivated and highly proactive attitude
  • Certified Information Systems Security Professional (CISSP), or equivalent
  • Deep understanding of cloud related security concepts
  • Hands-on experience in building up a SIEM with ELK
  • Experience with statistical data analysis
  • Excellent verbal and written communication skills (in English)

Ability and disposition to

  • Understand complex technology stacks and their dependencies;
  • Understand security as well as operational requirements and translate them into technical solutions;
  • Work in a global company with people from different cultural backgrounds;
  • Present a professional image and communicate in a manner suited to the target audience;
  • Assume responsibility and drive projects autonomously.

Start
February 2018
Duration
10 months
From
Darwin Recruitment
Posted
24.01.2018
Project ID:
1490073
Contract type
Freelance