Our client is Siemens Healthineers, a leading global medical technology company with more than 55,000 dedicated colleagues in over 70 countries, driven to shape the future of healthcare.
Task and responsibilities:
Triage the security events that are escalated by our SOC team.
Coordinate and lead Incident Response taskforces and provide technical expertise, working with different business functions such as IT Operations, HR, Legal, Data Privacy, Corporate Communications and Product Security.
Derive immediate mitigation measures for containment, eradication, and recovery of cybersecurity incident and keep track of its implementation progress during incident response task forces.
Leverage threat hunting to create and maintain Situational Awareness for related company functions such IT operations, security architects, or service providers.
Perform analysis of different log files and data sources to identify adversarial activity and anomalies.
Assess newly arising vulnerabilities and Tactics, Techniques and Procedures (TTPs) to define defensive measures to detect and disrupt adversarial actions. Coordinate with neighboring functions to ensure those measures are turned into actionable changes.
Collect forensic artifacts, analyze, reverse engineer, and document findings on malicious payloads so that indicators of compromise and information about threats origin and intents are properly disseminated and acted upon.
Consider business aspects to support an adequate triage and prioritization of cybersecurity incidents, whilst ensuring root-cause is properly clarified. Communicate findings and possible improvement measures in an actionable way.
Document and communicate abstracts and consolidated incident-related findings and trends to support security architecture and security awareness functions.
Computer networking concepts and protocols, and network security methodologies
Knowledge of cyber threats and vulnerabilities: how to properly identify, triage, and remediate threats based on threat intelligence as well as on analysis of log data and network traffic.
Host/network access control mechanisms (e.g., access control list, capabilities lists).
System administration, network, and operating system hardening techniques.
Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
Incident response and handling methodologies.
Intrusion detection methodologies and techniques for detecting host and network-based intrusions.
Network traffic and packet-level analysis.
System and application security threats and vulnerabilities (e.g., buffer overflow, cross-site scripting, code and command injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
Experience doing forensic analysis of both Linux and Windows systems.
Experience with Malware analysis, sandboxes, reverse engineering, and tools such as Radare2, OllyDbg, and Hex-Rays IDA Pro.
Experience with operating system security controls on common platforms such as Linux, Windows.
Experience with scripting languages (e.g., Python, Bash or PowerShell) and using REST API, as well as data processing, regular expressions, and console-based text processing tools (e.g., sed, awk, jq)
Models to describe and document cyber-attacks (e.g., reconnaissance, scanning, enumeration, persistency, lateral movement, exfiltration) such as Cyber Kill Chain or MITRE ATT&CK
Cloud service models and how those models can limit incident response.
Application Security Risks (e.g., Open Web Application Security Project Top 10 list).
STEM studies are highly desirable but might be traded-off for relevant experience.
5+ years of relevant work experience in Cybersecurity Operations of mid-size to large high-tech and healthcare organizations as well as working in geographically distributed teams is highly valuable.
Relevant Industry Certifications such as SANS/GIAC (for example, GCIA, GCIH, GNFA, GCFA), CompTIA Security+ CISSP, CISA, CISM are desirable.