А global digital transformation company with a team of more than 4,900 global players in 26 countries – in Europe, America and Asia, working together to put organizations at the forefront of innovation by bringing together talent, knowledge and technology.

Our approach is based on conscious technology, through which we create positive environments and meaningful opportunities, always in our own way, making the complex simple.

VASS is currently seeking a Cybersecurity Expert / SIEM Specialist in Tallinn, Estonia.

The role:

- Monitor the correct functioning of the SIEM solution

- Real time monitoring of corporate server, services, network end user workstation events

- Acting as a 1st level tier for any security related monitored event

- Review the results, detect anomalies, and support the response to the incidents

- Monitor the SIEM dashboard

- Create scripts to automate tasks

- Review, update implement use cases

- Implement and test new plugins

- Integrate new sources

- Merge and correlate events from all the other security monitored services

- Investigate all the alerts highlighted by CERT EU

- Monitor the license consumption

- Prepare procedure and cheat-sheets for quick use of the platform

- Lookup using additional IoCs

- Correlate and prioritise events

- Threat hunting

- Support the tracing of the origins of an intrusion or identifying systems to which the intruder had access

- Perform periodic asset Inventory

- Propose reactive measures (eg. block domains, IP, isolate networks)

- Correlate and summarize events

- Monitor user login attempts

- Regularly report on current situation

- Escalate to tier 2 and 3

- Alert on problem

- Prepare graphical visualizations of all monitored data

- Prepare scripts for automating recurrent tasks

- Support the incident management process of the Agency

- Support to assess impact of security incidents

- Assess & analyse cyber threat intelligence sources.

- Monitor and manage the corporate MISP solution

You have:

• Minimum 3 years of relevant academic education after the secondary school awarded with a diploma (Bachelor or equivalent)
• Minimum 5 years of relevant professional experience
• Minimum 2 years professional experience managing and maintaining SIEM systems, specifically Splunk
• Minimum 2 years of professional experience with SIEM artefacts creation and reporting
• Minimum 3 years of professional experience working in a Security Operations Centre or Managed Security environments.
• In depth knowledge of network configuration and troubleshooting
• Knowledge of network security and monitoring and management of network security devices
• Splunk search processing language
• Windows Security Events
• SIEM solutions (configuration, customization, further development)
• Understanding of a wide array of corporate server applications such as : DBMS, Exchange, DNS, SMTP.
• Enterprise end-point security products
• Excellent analysis and problem solving

Additional Qualifications:

• Successful completion of at least the 3 Splunk fundamental courses plus and at least one subsequent
• At least 1 security certification (in addition to Splunk credentials)
• Experience working with and client ticketing and knowledge base systems for Incident Tracking
• Knowledge of network security and monitoring and management of network security devices

If you want to join a dynamic company where technological challenges will be found in your day to day we are waiting for you in the great VASS team.

And we encourage you to be the best version of yourself: Transformative, Creative, Honest, Vibrant!

At VASS we take action every day to achieve a favourable environment that facilitates and promotes equal opportunities, non-discrimination, diversity and inclusion of all people. We select our talent based on business needs, skills and merits. 🌟