Our client is a leading financial marketplace operator based in Europe, with a strong focus on providing reliable and innovative solutions to meet the needs of the global financial community. They operate one of the world's largest stock exchanges, as well as a range of other trading platforms and services.
As part of their commitment to maintaining the highest levels of security and resilience, they are seeking a highly skilled and motivated Incident Response Engineer to join their Cyber Emergency Response Team (CERT) in their mission to detect, contain, and mitigate information security incidents. If you are a talented security professional with a passion for protecting critical systems and data, we invite you to apply for this exciting opportunity.
- Lead cyber security incident response engagements covering incident handling and coordination, in-depth technical analysis, and investigation through to recovery.
- Develop IR initiatives that improve the team's capabilities to effectively respond to and remediate security incidents (e.g. defining SIEM use-cases, identifying threat hunting hypotheses, promoting red-teaming activities, etc.).
- Perform root cause analysis and drive implementation of containment and mitigation strategies.
- Perform post-incident lessons learned, root cause analysis, and incident reporting.
- Participate in Blue/Red team exercises to test and improve the team's monitoring and response capabilities.
- Build automation for response and remediation of malicious activity.
- Recommend security measures to address cyber threats identified through a proactive approach.
- Help improve CERT process excellence by maintaining information security documentation in line with regulatory requirements.
- Previous experience in a CERT or SOC team, as well as involvement in IS incident investigations.
- Knowledge of cyber threats and vulnerabilities: how to properly identify, triage, and remediate threats based on threat intelligence as well as on analysis of security events, log data and network traffic.
- Expert working knowledge of technical and organisational aspects of information security, e.g., through prior defensive or offensive work experience.
- Solid understanding of cyber threats and MITRE ATT&CK framework.
- Deliverable-oriented, with strong problem-solving skills and the ability to adapt to complex and highly regulated environments.
- Team player willing to cooperate with multiple colleagues across office locations in a cross-cultural environment.
- Good report-writing skills to present the findings of investigations.
- Available during working hours (Monday to Friday), plus on-call duty.
- Fluent in spoken and written English, including security terminology; proficiency in German is a plus.
- Background in Malware Analysis, Digital Forensics and/or Cyber Threat Intelligence.
- Experience in Threat Hunting, including the ability to leverage intelligence data to proactively identify and iteratively investigate suspicious behavior across networks and systems.
- Development of automation for various CERT/SOC processes via a SOAR solution.
- Development skills (e.g. Python, shell scripting).
- Cloud Security expertise (primarily GCP and Azure).
- Vulnerability Handling / Management.
- Relevant Industry Certifications such as SANS/GIAC (e.g., GCIA, GCIH, GNFA, GCFA), CompTIA (Security+, Cloud+, PenTest+), OSCP, eLearnSecurity are desirable.
If you're interested in this opportunity, please submit your CV. Our client is an equal opportunity employer and welcomes all qualified candidates to apply. Alternatively, you can reach out to jessica.thompson(at)glocomms.com for more information.