Analyst, Cyber Security Monitoring and Incident Response
Betzdorf, LU Manassas, VA, US
ROLE DESCRIPTION SUMMARY
In this position you will be responsible for proactively monitoring and analysing security events from multiple sources and for autonomously managing security incidents to ensure a coordinated, timely and effective response. You will ensure SES security incident response readiness and drive the definition, implementation and continuous improvement of SES’s security incident response framework. You will also operate and continuously improve the vulnerability management process across SES and support key security management processes by collecting, creating and disseminating threat intelligence within the organization as well as with partner organizations.
You will be responsible for (this is not an exhaustive list):
- Perform 2nd level security monitoring and analysis of security alerts to identify security incidents
- Maintain an effective log parsing and detection rule base by performing regular rule reviews to improve the false-negative and false-positive rates
- Ensure the technical infrastructure supporting security monitoring and incident response is healthy and continuously improved
- Improve detection capabilities by defining new use-cases, implementing corresponding rules, improving current ruleset and ensuring necessary logs are collected by the SIEM
- Autonomously work with departments across SES to ensure relevant systems and logs are onboarded to the SIEM
- Manage security incidents autonomously following the established incident response framework to ensure a coordinated, timely and effective response to security incidents
- Perform in-depth technical analyses of security threats and incidents, including malware analysis, network traffic analysis and system forensic analyses
- Automate, maintain, and tune the infrastructure and tools of the cyber security operations function (including but not limited to SIEM platform regarding log sources onboarding, log parsing, rules/alerts/reports definition, SOAR platform, sandboxes, EDR tools, forensics workstations)
- Ensure SES security incident response readiness by driving the definition, implementation and continuous improvement of SES’s security incident response framework, including relevant policies, processes and procedures, incident response tools, and educating various stakeholders on the basic principles of security
- Threat Intelligence & OSINT - Collect and analyse security information from different information resources to identify relevant threats and vulnerabilities in order to improve security monitoring and incident response
- Create SES-specific threat intelligence from various data sources, such as managed security incidents, quarantined malware, etc.
- Disseminate synthesised intelligence information within the organization as well as external organizations, such as CERTs, ISACs or partner organizations
- Manage the vulnerability management process to identify and prioritise vulnerabilities in SES’ systems, applications and services and communicate and propose mitigation plans to system owners
- Create and maintain policies, processes, procedures for all cyber security monitoring functions
YOUR PROFILE:
Must Have
- Bachelor’s degree and 2-5 years of experience in Cyber Security, Computer Science, Information Technology, or similar field (a combination of experience and education will be considered)
- Computer security, incident response and analysing security events from various sources
- Security technologies, such as Antivirus, Network and Host Intrusion Detection Systems, Web Proxy/Content Filtering, Authentication technologies, Security Information and Event Management (SIEM)
- Knowledge of scripting languages
- On-call duty as required
- Ability to travel domestically and internationally 10% of the time
- Security certifications such as GCIH, GCFE, GCFA, GREM, or GCIA
- Experience in malware analysis and reverse engineering
- Candidate must be willing to undergo a NATO/EU SECRET security clearance procedure as this position might require holding security clearance
Nice to Have
- Experience in managing large- and small-scale incidents
- Computer forensics, security vulnerabilities and exploits
- Incident response and forensic tools, techniques and tactics
SES and its Affiliated Companies are committed to hiring and retaining a diverse workforce. We are an Equal Opportunity/Affirmative Action employer and will consider all qualified applicants for employment without regard to race, color, ancestry, national origin, gender, sex, sexual orientation, gender identity, marital status, religion, age, disability, veteran status, or other characteristic protected by local, state, or federal law.
In conformity with U.S. Government technology export regulations, including the International Traffic in Arms Regulations (ITAR) and the Export Administration Regulations (EAR), and/or other applicable U.S. law, regulation or other requirements imposed by the U.S. Government, certain positions may require U.S. Citizenship, status as a lawful permanent resident of the U.S. or a “protected individual” as defined by 8 U.S.C. 1324b(a)(3), or eligibility to obtain the required authorizations from the U.S. Department of State or U.S. Department of Commerce.