We are looking for a SOC Analyst to join our team!
Key Responsibilities:
- Security Monitoring and Response: Perform real-time proactive security monitoring, detection and response to security events and incidents from the various SOC entry channels (SIEM, Tickets, Email and Phone).
- Incident Categorization: Categorize and assist with resolution of incoming security events and raise necessary incidents after a thorough quality check of the event data.
- Incident Analysis: Conduct thorough checklist-based investigation of security events generated by detection mechanisms such as SIEM, IDS/IPS, AV, EDR.
- Incident Escalation: Based on the security incident severity, escalate to service support teams, Tier 2 information security specialists, and/or customer as appropriate to perform further investigation and resolution.
- Incident Resolution: Work independently or closely with Tier 2 and core support, providing adequate information about incidents required for resolution.
- Incident Management: Participate in security incident management and vulnerability management processes.
- Operational Improvements: Recommend enhancements to SOC processes & procedures.
- Documentation: Ensure clear and concise documentation of analyzed security incidents adhering to SOC internal documentation guidelines.
- Optimization: Provide input on tuning and optimization of security systems and correlation rules (e.g. whitelist requests).
Requirements:
- You have a foundational understanding of basic computer networking (TCP/IP stack, VPN, proxies, firewalls).
- You are comfortable working with Linux or Windows operating systems and are aware of some of the differences between the operating systems (also from the security perspective).
- You understand basic monitoring and data analysis concepts such as time trends, statistical anomalies, log and metrics analysis.
- Knowledge of common cyber threats such as phishing, scanning, vulnerability exploitation and malware.
- You understand cloud access and authentication mechanisms and principles on a foundational level (SSO, MFA, least privilege).
- Foundational experience using or configuring security tools and technologies (SIEM / EDR / AntiVirus).
- Basic skills in a scripting or programming language such as Bash, PowerShell or Python.
- You have an overview of the cyber kill chain framework and its application in security incidents.
- Proficiency in Microsoft Office Applications, case management and ticketing systems.
- Fluent English language skills.
- Preferred Certifications:
1. Junior Defensive Cybersecurity Cert (Blue Team Level 1)
2. CompTIA Security+
3. Microsoft Certified: Security Operations Analyst Associate (SC-200)
4. Microsoft Certified: Security, Compliance, and Identity Fundamentals (SC-900)
What we offer:
We believe in a supportive and rewarding work environment for our employees.
Compensation and Benefits:
- Highly competitive salary.
- Bi-annual bonus based on seniority within the company.
- Meal tickets and various gift vouchers.
- Strong benefits list, including a brand new office, private medical insurance, and 24 vacation days plus a free birthday leave and many more.
Career Growth and Team Environment:
- Certified training possibilities and the opportunity to grow within the Arvato Systems Global Delivery framework.
- Interesting projects and solutions for both the Bertelsmann Group and international external customers.
- A committed and helpful team with a "WE" feeling, promoting a friendly, multicultural, and cooperative environment.
- The possibility to work in mutual trust and to be creative, with the freedom to improve working flows through self-initiative.