Technology Specialist CDO - The Cyber Security SME
Wieliczka
Technology Specialist CDO - The Cyber Security SME
Wieliczka, Wieliczka, Lesser Poland Voivodeship, Polska
HEINEKEN Global Shared Services
16. 3. 2025
Informacje o stanowisku
technologies-expected :
Microsoft Azure
AWS
technologies-optional :
Java
Perl
Python
Go
Ruby
Terraform
about-project :
The Cyber Security SME is part of the Cyber Defense and Operations Product Tribe, and is one of the professionals who do the work of delivering a potentially releasable increment of the product at the end of each sprint. Product Teams are structured and empowered by the organization to organize and manage their own work. The resulting synergy optimizes the Product Teams overall efficiency and effectiveness.
The Cyber Defense and Operations (CDO) Threat Response Product Team is a global team accountable for building a cyber resilient organization by acting as a first line of defense against cyber attacks and by educating the global organization on how to act and respond to security incidents to limit the business impact.
The CDO Threat Response Product Team capabilities are aligned with the NIST frameworks and are grouped into (1) Defensive Capabilities as Monitoring, Detection, Vulnerability Mng, Threat Intelligence; (2) Offensive Capabilities as Incident Response, Penetration Testing; (3) Threat Hunting Capabilities.
The CDO Product Team is a fast growing team, working in a complex and challenging business environment and has an ambitious strategy to implement in the next years In this context, the Cyber Defense Centre is seeking to hire an experienced security analyst and incident responder, to be part of the core CDO team.
responsibilities :
working closely with other members of the team, especially if the system is under attack
supporting the first responders to higher priority incidents, analyzing threats, doing investigation and triage
documenting requirements, procedures, and protocols to ensure that other users have the right resources
coordinating/aligning of broader SOC Analysts team and associated activity, with emphasis on real time proactive monitoring and incident response activity
providing remote incident response activities and advice, to support HEINEKEN operating companies during and immediately after security incidents
detecting threats, investigating those threats, and responding to them in a timely manner (operational threat hunting related to realized security incidents)
developing and improving operational security processes, procedures, and standard operating procedures (SOPs) for incident response
conducting in-depth investigations of security events, escalating incidents, and supporting the incident management process
creating and refining security monitoring content
being on-call to respond to incidents that arise outside of business hours (occasionally)
managing service-related aspects by overseeing and coordinating with third parties involved in incident response and security monitoring
building security architectures and systems, as well as contributing to SIEM content development teams
collaborating with development and operations teams to ensure systems remain up to date
requirements-expected :
3+ years working experience in security operations center of international companies and with SIEM solutions
bachelor degree or equivalent experience
have a passion for security and enjoys solving problems
you understand the Agile mindset and have basic knowledge on working in a Scrum Team. You show end-to-end ownership on work that you do
you have experience with outsourced managed services, using ITIL processes, certifications such as CEH, CIR, CISM, CISA, CGEDIT, any of the OWASP or similar are a plus
incident response framework practical experience
extensive Kusto query language knowledge (KQL)
operational experience with SIEM (Azure Sentinel)- Log Management, Vulnerability scanning and IPS/IDS technologies
knowledge of security engineering, Cloud Provider infrastructure, Linux security, containerized environments security, and/or cloud security
operational experience with Incident Response activities, using EDR solutions on daily basis
knowledge of industry standard security frameworks for information systems (NIST, ISO 27001/2, CSA, COBIT)
the Cyber Kill Chain & MITRE ATT&CK framework
knowledge on security solutions (SSL, Remote Access, IPSEC, Reverse Proxy, IDS/IPS, Firewall, Multi Factor Authentication)
server infrastructure (VMWare ESXi, storage, Azure, AWS)
DB knowledge
authentication protocol knowledge
operating systems internal workings knowledge/understanding
excellent knowledge of English
being able to translate technical language into a story that can be understood, and cohesively present it back to different stakeholders with a clear message
providing clear, concise communication with key technical and non-technical stakeholders
working in a complex and highly externalized environment
strong time management skills and willing to go above and beyond where required
working in a highly dynamic environment, with high pressure situations
ability to research and characterize security threats to include identification and classification of threat indicators
willing to go above and beyond where required
be passionate about mentoring and coaching junior resources
having continuous improvement mentality that helps improve and grow the team
offered :
Hybrid ways of working
Private medical healthcare
Attractive performance bonus
Sodexo pre-paid card
Life insurance
Employee referral program
Wide range of trainings
Local and global job opportunities within HEINEKEN
Parking space
Open bar once a week
We are ACCA Approved Employer
benefits :
sharing the costs of sports activities
private medical care
life insurance
remote work opportunities
integration events
corporate sports team
parking space for employees
extra social benefits
pre-paid cards
christmas gifts
employee referral program
charity initiatives
flexible work from home scheme after pandemic/lockdown
