With us you will be responsible for:
- Performing deep-dive incident analysis by correlating data from various sources
- Determining if a critical system or data set has been impacted
- Advising the customer and internal teams on threat remediation
- Providing support for new analytics methods for detecting threats
- Performing Emergency Incident Response activities
We expect you to have:
For an ideal SOC Incident Responder candidate:
- Degree in Information Technology
- 4-8 years in Cybersecurity and SOC / CSIRT/ CERT Environments
- Good understanding of the security kill chain and MITRE ATT&CK Matrix
- Good understanding of Cyber Security perimeter technologies
- Good understanding of Security in Depth
- Deep understanding of security telemetry sources and analysis
- Experience with Cloud Cybersecurity Service providers - Microsoft Azure, AWS, IBM Cloud
- Deep experience in threat detection - endpoint, network and cloud
- Basic malware assessment
- Security Best Practices
Nice to have:
- Scripting language programming (Python, PowerShell, Bash)
- Network security principles, protocols and technologies
- Operating systems security principles and technologies
- Application security principles and technologies
- Data security principles, protocols and technologies
- MS Windows operating systems administration
- *NIX operating systems administration
- Working with customer-specific environments (such as NGFW/IPS/SIEM/etc.)
- Working with IR orchestration systems (Demisto, TheHive, MISP)
Technical certifications and trainings are a plus:
- Python for Security Professionals / Python Scripting Expert (SPSE)
- Incident Response and Advanced Forensics
- Penetration Testing with Kali Linux (PWK) / Offensive Security Certified Professional (OSCP)
- Red Hat Certified System Engineer / Administrator (RHCSA/RHCE)
- SANS SEC501: Advanced Security Essentials - Enterprise Defender / GIAC Certified Enterprise Defender (GCED)
- SANS SEC503: Intrusion Detection In-Depth / GIAC Certified Intrusion Analyst (GCIA)
- SANS SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling / GIAC Certified Incident Handler (GCIH)
- Knowledge of Atlassian Stack (Confluence, Jira)
- Knowledge of ServiceNow / other Customer Care platforms
We offer:
- Friendly, open company culture in an eco-friendly building with relaxing and gaming spots and terraces
- An extra week of vacation
- 2 sick days
- Home office possibility
- 2400 benefit points as an annual contribution to the home office
- Emergency and overtime pay above the statutory rate
- Free entry to Individual Fitness in the TietoEVRY building (Ostrava), Multisport card (Brno, office Anywhere)
- Education - IT courses, certifications, language courses and personal development
- Coffee, tea, and fruit in the workplace for free
- Offer of calls and other O2 telecommunication services for a special price
- Employee recommendation referral
- 77 CZK meal voucher flat rate