Incident Response Expert

The IR Expert coordinates the CSIRT team of OBRELA and acts as IR Expert leading and directing efforts to immediately respond quickly and efficiently to active threats. The IR Expert provides direct, on-site or remote assistance to assist our clients recovering from a complex cyber security incident. He/She may need to physically analyze the affected systems and provide malicious code analysis or post-incident investigation support to determine the source of attack and extent of potential target system(s) compromise. Additionally, the IR Expert submits post-incident root cause analysis and recommendation reports to customers to improve security architecture and / or the security process model in order to mitigate risks and prevent similar attacks to be successful.

Key accountabilities:

• As leader of OBRELA’s CSIRT activities he/she establishes communications with appropriate customer units and team members of OBRELA, and provides status updates to customer and OBRELA senior management.
• Be the focal point for critical security events and incidents. Serves as a Subject-Matter-Expert while providing recommendations and guidance to customers and to OBRELA’s CSIRT team for escalation and remediation.
• Enhances the design, documentation, and implementation of incident response processes, procedures, guidelines, and solutions.
• Processes in-depth knowledge on network, endpoint, threat intelligence, forensics and malware reverse engineering, as well as the functioning of specific applications or underlying IT infrastructure.
• Acts as an incident “hunter”, and is closely involved in developing, tuning and implementing threat detection analytics.

Requirements

• Bachelor's degree in Computer Science
• 5+ years’ experience in the information security industry
• Advanced training on anomaly-detection and experience on performing root cause analysis (RCA) for incidents
• Specialized knowledge/ training on data aggregation, analysis and threat intelligence
• Excellent knowledge of cyber threats, incident response procedures and adversary tactics frameworks (e.g. MITRE)
• Be a self-starter with history of working under pressure and/or within various incident situations
• Ability to travel abroad and remain on customer site until full incident recovery

Desired requirements include:

• Leadership, communication and risk management skills
• Experience in Forensic Techniques
• Strong security background and broad knowledge of security solutions
• Master Degree in Information Security
• Industry Certifications such as GIAC GCIA / GCIH, GCFA
• Experience using a SIEM or EDR solution to identify threats
• Considerable experience on threat data analysis, incident response and threat hunting methodologies
• Ability to apply problem solving, network analysis / troubleshooting techniques

Benefits

• Dynamic and respectful environment – our people are the core of our business, we value each and every individual and support initiatives, promoting agility and work/life balance.
• Continuous coaching – work with passionate people and receive both theoretical as well as hands-on training
• Career development. Expand your career internationally and work alongside knowledgeable people from diverse cultures and backgrounds
• A competitive compensation package dependent upon your experience and qualifications. We’re focused on rewarding efforts. Our salaries and benefits package will keep you motivated throughout your career