Detection Manager

Job description

Detection Engineer

The role
The Security Operations Center team has embarked on a maturity mission and requires a highly motivated and talented Detection Engineer to help guide us on this journey. This Detection Engineer role requires an understanding of the day-to-day operations of this area.
The SOC team mostly operates out of Stockholm and is responsible for the detection, triage and alerting around potential security events affecting Kindred Group and its assets. We are searching for that certain someone who is not satisfied with just knowing common standards and frameworks, but instead likes to understand vulnerabilities, the usual tactics, techniques and procedures used by adversaries, and most importantly how to detect them. You should have a real personal passion for security (across a broad range of domains) and technology, and an insatiable appetite to develop further as a Detection Engineer.
The SOC team is part of the Group CSIRT, responsible for the detection of threats and vulnerabilities affecting the Group, responding to incidents and performing forensic investigations.

Key Responsibilities
Researches, analyses and understands log sources originating from security and networking devices such as firewalls, routers, proxy, anti-virus products, and operating systems
Performs raw data review to identify malicious activity for which signatures/content do not exist
Develops new content and tunes/filters the existing content for SIEM, IDS/IPS, and other security technologies
Maintains and improves SIEM operations and integrations with other security products
Develops reports and dashboards for SOC operations
Contributes to and suggests improvements for Security Operations framework
Improves security event enrichment
Develops and maintains triage playbooks
Supports DFIR Engineers' efforts during all phases of the Incident Response process, when needed
Manages or contributes to projects that directly correspond to the maturity and/or capabilities of the SOC
Monitors intelligence sources in order to maintain situational awareness of the ways to detect emerging cyber threats
Develops and maintains documentation related to security event logging and monitoring
Communicates with key stakeholders to ensure that security event monitoring requirements and procedures are followed


Skills and Experience
Advanced knowledge of computer networking: TCP/IP, routing and protocols
Advanced knowledge of packet structure and previous experience performing in-depth packet analysis
Advanced knowledge of Incident Response methodologies and information security best practices/technologies
Advanced knowledge regarding the administration, use, securing and exploitation of common operating systems
Minimum of 3 years' experience utilising HIDS/NIDS, SIEM, anti-virus, web proxy, packet capture tools and host-based analysis technologies in a security analyst capacity
Minimum of 3 years' experience analysing logs originating from security and networking devices such as firewalls, routers, proxies, anti-virus products and operating systems (required)
Proficiency in log parsing and data analysis (REGEX is a must)
Demonstrable knowledge of indicators of compromise (IOCs) and Advanced Persistent Threats (APTs) as they apply to event/incident/offense analysis
A research and analytical background and an analytical approach, especially with respect to event classification and event correlation
Able to perform true and false positive event (or offense) analysis with a high degree of accuracy
Must exhibit the ability to take threat intelligence and correlate it within the context of event/incident/offense analysis
Familiarity with a standardised incident response framework, and ability to further develop triage procedures within the SOC
Highly desirable: experience with threat intelligence feeds and platforms (e.g. MISP, yara rules, virustotal, etc.)
Highly desirable: experience with cloud platforms like AWS, GCP or Azure
Highly desirable: experience with O365
Highly desirable: experience with Splunk or Elasticsearch
Desirable: relevant university degree; GCDA, GNFA, GCFE, GMON, GSOC or other technical certification; certification in security operations technology, e.g. SIEM or HIDS/NIDS solutions


KPIs
Time to detect incidents
% of coverage for the security event detection systems
True/false positive ratio for security alerts
Count of detection use cases


Application process
Click on the "Apply Now" button and complete the short web form. Please add a covering letter in English to let us know your motivation for applying and your salary expectation. Our Talent Acquisition team will be in touch soon.

Kindred is an equal opportunities employer committed to employing a diverse workforce and an inclusive culture. As such we oppose all forms of discrimination in the workplace. We create equal opportunities for all our applicants and will treat people equally regardless of, but not limited to, gender, age, disability, race and sexual orientation. We are committed not only to our legal obligations but also to the positive promotion that equal opportunities bring to our operations, as set out in our sustainability framework. Kindred has an ESG rating of AAA by MSCI.


Summary

  • Workplace: Kindred People AB, Stockholm
  • 1 position
  • Permanent (until further notice)
  • Full-time
  • Fixed monthly, weekly or hourly salary
  • Published: 7 November 2022
  • Apply by: 13 February 2023

Postal address

Regeringsgatan 25 9TR
Stockholm, 11153
