Senior IT Security Analyst

Role Description:

The Senior IT Security Analyst / IT Security Lead is an individual contributor position within the company's global Threat Hunting Team, we are seeking a skilled and motivated Threat Hunting Specialist to join our global team. In this role, you will play a critical part in proactively identifying and mitigating advanced threats across the organization.

Leveraging CA&RR (Compromised Assessment & Rapid Response), an advanced persistent threat scanner and other cyber security tools, you will support the companys threat hunting operations by proactive identification of threats. The role also include, conducting digital investigations, analyzing security incidents, mitigating cyber risk and providing incident response recommendations.

You will be responsible for managing scans in , evidence acquisition, analysis of malware files, data breaches and unauthorized access by using CA&RR (Compromised Assessment & Rapid Response) & other cyber security tools. You will also have active contributions in the incident investigations and cooperate with CSIRT (Computer Security Incident Response Team), CTI (Cyber Threat Intelligence) and SOC (Security Operations Center) Global Teams. In case there is a need for follow-up activities and collection of evidence, you will be responsible for coordinating the work of different cross-functional teams.

Key Accountabilities & Responsibilities:

• scan management for a Compromise Assessment and Rapid Response (CA&RR) tool for various internal customers in the ERGO group
• analysis of findings in the CA&RR tools (e.g. detecting backdoor, attackers' tools, system misconfigurations, forensics artifacts or malicious activity)
• development of rapid response playbooks
• analysis of malware files
• creation of custom YARA and Sigma rules
• perform threat hunting iterations based on feed delivered from CTI Team and research on recent campaigns using EDR, APT Scanner and other security tools
• definition of threat remediation strategies for various internal customers in the ERGO group
• development and refinement of hypothesis to detect threats
• provide detailed reports on threat hunting iterations against known hacker groups
• cooperation with technical teams as the SOC, CTI and CSIRT

Key Competencies & Skills required

Technical Skills:

• Hands-on experience with hardware/software tools used in incident response, computer forensics, network security assessments
• understanding of Windows internals and Active Directory environments
• knowledge of Linux environment and Linux forensic skills
• understanding of MS Defender EDR and MS Sentinel environments to use KQL queries for threat hunting purposes
• general understanding of computer networking concepts and protocols
• understanding of scripting languages
• strong understanding of the Cyber Kill Chain, MITRE ATT&CK Framework, and modern threat actor TTPs
• ability to stay focused, keep calm and work under high stress
• ability to communicate with technical and business stakeholders
• ability to work in a multinational and multicultural environment
• strong teamwork culture with effective collaboration, cross-group partnership
• being an innovator, creative, passionate, independent, and motivated to make a difference and help reducing cyber risk for ERGO Group

Must have:

• Excellent written and verbal communication skills to effectively communicate and collaborate with global teams
• Strong analytical and critical thinking skills to troubleshoot and resolve complex security issues
• A results oriented, high energy individual who takes pride in their work

Behavioral Skills:

• Willingness to learn and quickly adapt to changing requirements.
• Proactive approach to identifying issues and presenting solutions and options

Previous Experience & Qualifications

Minimum Educational Qualification:

• Bachelors or Master’s degree in Computer Science /Engineering/Information Technology
• Candidate with non-computer science degree must have minimum 1 year of relevant experience
• MBA in IT / Insurance/Finance can also apply for Requirements Engineer and Test Engineer role.

Certification if any:

• Security+, CySA+, CEH, SC200 and/or equivalent certification is preferred

Years Experience & Knowledge:

• 2 to 6 years of experience