The purpose of this role is to protect Knauf information systems from internal and external threats, with a primary focus on identifying and responding to complex and sophisticated threats of unknown nature, or threats where attackers use new and not obvious TTPs. Your expertise will be vital in investigating, containing and eradicating threats, but also in guiding less experienced team members.
responsibilities :
Provide end-to-end response to unknown threats identified in our environment and take over response to incidents escalated from less experiences team members.
Investigate and resolve regular, medium and high-priority incidents, drive containment strategy for breach events.
Regularly communicate with system owners, IT personnel, and business users as required to ensure effective threat management and resolution.
As part of containment and eradication, recommend adjustments and policy changes for 1st line of defense security technology configuration such as IDS, proxy, EDR, email gateway, WAF etc.
Develop and maintain Cyber Security Threat Response Playbooks for known threats and provide feedback and tuning recommendations on Use Cases to Threat Detection Engineers.
Escalate high-priority threats to the CSIRT cyber crisis team for activation when necessary and actively participate in the resolution of incidents if mobilized.
Actively guide junior team members, share knowledge and mobilize Cyber Threat Analysts for additional information gathering.
requirements-expected :
You have deep knowledge of common threats, attack vectors, and Tactics, Techniques, and Procedures (TTPs), backed by a strong background in cybersecurity incident response.
You’re experienced with security operations tools such as SIEM, SOAR, EDR, ASM, and NDR, and skilled in using queries to extract and analyze relevant data.
You possess strong analytical and problem-solving skills, allowing you to navigate complex security incidents and mitigate risks effectively.
You’re team player, feeling comfortable in global, international and geographically distributed team.
You have hands-on experience with digital forensic, network forensic, and malware analysis techniques, enhancing your ability to conduct comprehensive threat assessments.
You thrive under pressure, understanding the business impact of cybersecurity incidents and responding swiftly and effectively.
You are proficient in analyzing log formats for common security events, determining root causes, and identifying timeline of threat activity.
You have programming skills, such as Python, which you can use for scripting and automating tasks related to incident response and security operations.
You hold a Bachelor’s degree in cybersecurity or IT with 4-6 years of relevant experience, preferably with certifications like GCIH, GCFA, or similar, demonstrating your expertise in incident response and enterprise-scale management.
offered :
Security: Permanent employment contract in a stable, successful family-owned business
Flexibility: A wide time window for flexible working and weekly home office days
Feel Welcome: Welcome days and individual onboarding, company and team events
Personal career and career development: Individual support for extra-occupational studies, further education and training courses
Inspiring work environment: Our nicely designed office offers you an environment that fosters creativity and productivity. We love coming together as a team here!
benefits :
sharing the costs of sports activities
private medical care
sharing the costs of foreign language classes
sharing the costs of professional training & courses
