(Senior) Security Analyst (m/f/x)

Posted about 1 month ago

💎 Seniority level: Senior, 3+/5+/8+ years

📍 Location: Austria

🔍 Industry: IT

🗣️ Languages: English

⏳ Experience: 3+/5+/8+ years

🪄 Skills: Python, Cybersecurity, Scripting

Requirements:
  • At least 3+/5+/8+ years of relevant professional experience as a security analyst or similar role in a security operation center
  • Successfully completed studies (computer science, information security, IT security, cybersecurity) or comparable hands-on training
  • Certified Information Systems Security Professional (CISSP), Global Information Assurance Certification (GIAC) and/or other similar certifications would be a benefit
  • Experience in solving problems and conflicts in complex corporate structures
  • Strong problem-solving and troubleshooting skills
  • Ability to work extremely well under pressure while maintaining a professional image and approach
  • Ability to perform independent analysis of complex problems and distill relevant findings and root causes
  • Ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily understood, authoritative and actionable manner
  • Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
  • Knowledge of frameworks and standards in the SOC environment such as Cyber Kill Chain, MITRE or similar standards
  • Proven record in using SIEM solutions, XDR, EDR, NDR and PAM
  • Technical knowledge of the products Splunk, SentinelOne, Proofpoint and CyberArk is an advantage
  • Technical expertise in network security, including VPN, firewall, web server security and Cloud
  • Specific OT and IoT knowledge is considered a plus
  • Knowledge of at least one scripting language (e.g. Perl, Python and PowerShell)
  • A precise, responsible mindset and reliability are among your strengths
  • Very good presentation and moderation skills
  • Entrepreneurial mindset and strong analytical and conceptual skills
  • Highly proficient in spoken and written English
Responsibilities:
  • Respond to security incidents according to the security incident response policy and procedures
  • Provide technical guidance to first responders for handling information security incidents
  • Provide timely and relevant updates to appropriate stakeholders and decision makers
  • Communicate investigation findings to relevant stakeholders to help improve the information security posture
  • Validate and maintain incident response plans and processes to address potential threats
  • Compile and analyze data for management reporting and metrics
  • Monitor relevant information sources (such as specific technology related news, Twitter, LinkedIn and information sharing and analysis centers) to stay up to date on current attacks and trends
  • Analyze potential impact of new threats and establish new use cases together with our security platform engineers
  • Perform or participate in root-cause analysis to document findings, and participate in root-cause elimination activities as required
  • Create runbooks for frequently occurring incidents to automate or at least assist with the resolution of those cases
  • Together with our security engineers you develop new use cases to further improve our capabilities
  • Expand the reach of our existing tooling by onboarding new data sources and systems
  • Work in close partnership with our infrastructure teams, information security officer and colleagues from the REWE Digital SOC
  • Support an open feedback culture and a forward-looking error culture (learning organization)
  • As part of your work, you identify potential security risks and forward them to the necessary authorities