工作职责:

Position Summary

 This position is belong to the department of Global Information Security and Compliance. He/She operates as a Tier 3 multi-disciplinary analyst within the Security Operations Center, employing various skills and experience to drive incident resolution. On a daily basis, the Information Security Engineer collects, reviews, interprets, correlates and analyzes data during and post incident in order to create a comprehensive picture of any potential threat. Performs activities combining analytic and design skills with adequate knowledge of software and hardware technologies, in order to define, design, create, test, implement and modify informatic systems which have software as a main component.;

Principal Accountabilities / Responsibilities

 On a day-to-day basis respond to, remediate, and coordinate incident response actions with other stakeholders, both internal and external.

 Creates scripts and necessary reports to prevent disruption or unavailability of information assets and assess the impact.

 Analyses security attacks and decides and or advises ways to solve them by configurating the informatics systems.

 Define, design, create, test, implement and modify information assets that have software as the main component in order to improve the security posture.

 Develop and maintain technical runbooks.

 Conduct in-depth analysis of suspicious activities and attempted attacks, during and post incident through and not limited to the analysis of malware, packets, alerts and logs for signs of malicious activity

 Act as main point of escalation for Tier 2 Analysts and the Business

 Stay current with digital forensic and incident response technology, methodology and legal requirements

 Perform computer forensic & incident investigations when required

 Ensure that all investigations are performed in-line with regulatory requirements and internal corporate policies, standards and procedures.

 Provide metrics for management and periodic intelligence reports and lessons learned on various threat actors and IOCs

 Build upon existing capabilities through continuous improvement of relevant intelligence sources and methods, recommending new tools and procedures to detect threats and protect DT intellectual property and assets

 Assist in support of formal investigations and/or inquiries to resolve insider threat related matters, acceptable use policy violations

 Identifies areas for improvement in internal processes along with possible solutions.

 Work with the Information Security Operations Lead to define and document standard operating procedures for security incident handling, malware analysis, vulnerability management etc.

 Maintains the confidentiality related to the professional secret and the security of the documents manipulated and administrated by him / her.

任职条件:

Requirements / Qualifications

 Studies: Bachelor’s degree in Security Management; Compliance or Computer Science or a comparable course of studies

 Experience: 2+ years of experience in IT Security, with a focus on Incident Response and SOC

 Certifications: Any of the following: ECSA, Comptia Security+, SANS Certification

 Knowledge

 Deep understanding of security systems, firewalls, authentication systems, log management, content filtering, network security and networking technologies

 Has worked with and managed at least one of the following technologies: SIEM, AV, NIDS/NIPS, ETDR, DLP, FW, HIPS/HIDS

 Proven knowledge in the following security disciplines : advanced threats, information security incident detection and response, forensic investigative practices

 Experience in developing, collecting and analyzing threat intelligence

 Experience with rule-driven and analysis-driven network platforms

 Experience in cyber intelligence analytic methodologies such as Kill Chain, threat modeling, threat hunting

 Foreign languages: Fluent in English, written and verbal

 Abilities, Qualities, Skills

 Relevant experience in an international environment

 Identifying problems; recognizing significant threats and risks; making connections between data;

 Tracing possible causes of problems; investigating relevant data

 Upholding generally accepted social and ethical standards in job-related activities

 Strong written, oral and presentation skills