Threat Detection & Response Analyst

The Threat Detection & Response Analyst works within the Security Operations Center (dbSOC), which is set up within a Follow-The-Sun model. He/She is responsible for the monitoring, detection and analysis of information security events and incidents.

Additionally, he/she acts as a specialist for information security incident response processes to protect the Bank, its partners, and clients of any potential loss. Besides operations tasks, he/she will be supporting to evaluate and adjust processes, tools, and reporting.

The objective is to identify and close gaps in the event detection, as well as improving the detection, analysis, and response of security events, ideally in an automated way.

Focus is on events in the area of network, endpoint and cloud security (GCP/Chronicle and Microsoft Azure/Sentinel).

Main Responsibilities:

• Handling security events from multiple channels such as the monitoring tools, the Cyber Security Hotline & Mailbox
• Monitoring, detection, and analysis of security-relevant events, including response and documentation. Conduct/contribute to risk assessments to evaluate the criticality of information security events.
• Opening tickets for documentation, further actions, and follow-ups
• Supporting the triage and enrichment of alert data and improving detection use cases
• Improvement of the current threat detection capabilities, ideally via automation of standard processes
• Working in the daily operations, within defined processes and related SLAs
• Supporting the entire SOC team with your security expertise and process know-how

Required:

• Solid background and good understanding of enterprise technologies especially focusing on security devices, network engineering, operating systems, databases and security configurations on application level
• Experience with analyzing system logs including network traffic logs, payload, event logs, application logs, firewall logs, Active Directory etc.
• Experience with Security Incident and Event Management (SIEM) systems. Ideally experienced with Splunk, GCP Chronicle , and/or Microsoft Sentinel.
• Cyber security expertise and familiarized with incident response.
• Good knowledge of current threat landscape and attack scenarios/tactics, as well as containment and protection measures, familiar with MITRE ATTACK framework.
• Good knowledge on Cloud security, ideally on Google Cloud and/or Microsoft Azure.

Always a plus:

• Previous experience working in a Security Operations Center (SOC), including on all phases of incident response lifecycle
• Certified CISSP, CISM, GCIH, SANS/GIAC, ISO 27001 or similar
• Studies in IT / Information Security fields.
• Fluent in German
• Familiar with basic banking regulatory requirements relevant for TDR