Base Cyber Security

Security Engineer

Netherlands

about 2 years ago

Summary

Join the global cyber defense team of an international organization, within a challenging and complex threat landscape. Bring expertise and knowledge to enable, improve and automate the monitoring, detection and response capabilities of a diverse environment with lots of cloud security considerations, and many opportunities to grow and develop! As expertise is needed in different areas, freelancers with a longer-term contribution outlook are also considered for this team.

Role Overview:

Be part of a diverse, international security engineering team, with a DevOps approach and cross-skilled experience and knowledge, providing a secure environment and enabling the Security Operations analysts to better defend the organization and its assets.

Be involved in full cycles of designing, building, fine-tuning and improving security detection and response capabilities, understanding threat actors’ TTPs; use data analytics, define and implement new tooling and collaborate with stakeholders to improve response actions in a large cyber defense SOC environment.

Advise on best data collection and analysis, acting on data and reporting, utilizing a SIEM and SOAR approach and tools to optimize and automate for efficient resource management, proper use case / model build-up and fine-tuning, and overall intelligent detection linked to the threat model and business realities of a global organization.

Contribute to securing both internal networks/infrastructure and cloud (Azure, AWS, GCP) infrastructure and the relevant applications, enabling better monitoring and detection by utilizing large amounts of data and modern detection techniques.

Utilize a security orchestration, automation and response (SOAR) approach and tools to optimize and automate for the best use of resources and the best possible response to threats.

Add value to multiple security projects in a multi-disciplinary team setup; advise and contribute hands-on to get things done.
Bring to the right stakeholders the right actionable information, enabling them to better defend and manage risk (intelligent reporting, dashboarding, automation etc.).

Stay on top of ongoing security threats and overall developments in the security landscape linked to the organization’s threat model, and bring, from an engineering perspective, insight on how to leverage new methodologies, tools and optimizations and practically implement these.

More info and full details available – reach out for a full conversation and insight on the role, the team, the organization and overall environment!

Requirements:

3+ years of experience in a relevant area in IT security, with a relevant background / education and experience in security areas that add value to the security engineering side of things in a SOC / SecOps setting (monitoring and detection, infrastructure / cloud security etc.).

Comfortable working with and making the most of large data sets (collection, analysis, response), creating content / use cases / models and bringing an automation mindset.

Experience with SIEM, Network Security (IDS/IPS), EDRs, cloud native security tools.

Automation experience and comfortable with programming / scripting (Python / shell / Bash or similar) enabling you to do that.

Strong defensive mindset with good understanding of threat actors’ TTPs and how to defend against these.

Good communication skills, as you’ll be working in a multidisciplinary environment and with many local and distributed teams and across many projects.

Problem-solving mindset with a get-things-done mentality.

Team player who is not afraid to take initiative and also work independently where needed to bring things to a successful completion.

Get in touch to discuss further and share more details on this or other relevant projects (including discussing your career in information security in general!).
Relevant terms: Security Engineering, IT Security, SIEM, SOC, Detection and Triage, Incident Response, Threat Intelligence, Forensics, Security Data Lake, SIEM, IDS, IPS, Log collection, Log Management, Network Security, System Security, Application Security, Cloud Security, AWS, Amazon Web Services, Microsoft Azure, Google Cloud Platform Services, Linux, Windows, Splunk, ELK, ArcSight, QRadar, Azure Sentinel, GuardDuty, Security Orchestration and Response, SOAR, Rapid 7 Phantom, InsightConnect, Palo Alto Demisto / XSOAR, IBM Resilient SOAR, ThreatConnect, Swimlane, RSA NetWitness, Behavior Analysis, Darktrace, SmartResponse, Containers, Docker, Kubernetes, Python, Bash, Shell.

Base Cyber Security helps organizations build knowledge and capabilities in information security. Supporting organizations in putting together strong infosec teams or finding the right cyber security experts for their needs is a big part of that. We work with security professionals globally for information and cyber security roles and projects across all industries in Europe. Whether you are starting your career in information security, need advice for your next step, or are deciding how to build knowledge or which growth area in security to continue with, let’s have a conversation!

If you have not yet registered with the Base Cyber Security network, be sure to do so! Send us your details at [email protected] & follow us on Twitter @BaseCyberSec to stay up to date with our activities and relevant info.

By registering with the security community and / or showing interest in a specific role, project or team, you agree to share your personal information with Base Cyber Security, which will in turn collect, use and process this in an ethical, private and compliant (including under the GDPR where applicable) manner.
