Our client is Siemens Healthineers, a leading global medical technology company with more than 55,000 dedicated colleagues in over 70 countries, driven to shape the future of healthcare.
Your mission and responsibilities:
You will provide intelligence to assist in decision making and actively thwart emergent and current threats targeting Healthineers by developing processes and procedures on the identification, analysis, processing, and distribution of finished intelligence.
You will collaborate with Incident Response specialists, translating data into actionable intelligence to help prioritize response activities.
You will closely work with Cybersecurity Operations colleagues understanding their goals and helping them to establish priorities based on the Healthineers threat landscape.
Task and responsibilities:
You analyze cyber threats from different sources in our Threat Intelligence Platform (TIP), determine their significance and reliability, and convert them into actionable information for other cybersecurity stakeholders in the form of specific TTP bulletins, trends reports and collaboration sessions.
You create new alerts to ensure all relevant TI information and events are being generated and captured, and research on new sources to identify emerging cyber security threats that potentially target our business, providers, or customers.
You perform detailed analysis to identify novel TTPs being used by attackers, from state-sponsored cyber criminals to other organized threat actors.
You assess and improve the quality of Indicators of Attack and Compromise (IoAs and IoCs) that automatically feed the security tools of Siemens Healthineers for blocking actions and triggering alerts.
You provide intelligence briefings to Cybersecurity colleagues and to other Security and IT areas.
You work on improving the Threat Intelligence processes and you will create new procedures.
What is in it for you:
Enjoy a flexible work schedule with up to 80% remote working based on your personal preference.
Thrive in a multinational environment where you will have the chance to meet and cooperate with colleagues from all over the globe.
Participate in big security projects, introducing improvements that will make a difference on the daily work of over 66.000 employees. Organization, coordination, and communication are key to succeed.
Constantly increase your knowledge and develop your skills by combining training courses with on-the-job training.
More than 5 years of relevant work experience in Cybersecurity Operations of mid-size to large high tech and healthcare organizations, working in geographically distributed teams.
Strong analytical skills with the ability to collect, process, analyze, and disseminate significant amounts of information with attention to detail and accuracy.
Significant experience conducting intelligence analysis, including social network analysis, targeting, technical analysis, attribution, etc.
Knowledge of cyber threats and vulnerabilities: how to properly identify, triage, and remediate threats based on threat intelligence as well as on analysis of security events, log data and network traffic.
Deep and current knowledge of social network monitoring (SOCMINT) and Dark Web Networks (TOR, I2P, etc.) (DARKMINT).
Relevant Threat Intelligence Certifications such as SANS GIAC GCTI or EC-Council’s CTIA, as well as TI vendors certifications and training.
Scripting languages skills and using REST API, as well as data processing, regular expressions, and console-based text processing tools.
Experience with Malware analysis, sandboxes, and reverse engineering tools.