Loading...

Security Analyst

About the role 

The Group Security team is embarking on a mission of rapid maturity and require a highly motivated and talented information security specialist to help guide us on this journey.

The Group Security team operates out of Stockholm and is responsible for securing the Kindred Group and its assets.We are searching for that certain someone who is not satisfied in just knowing common standards and frameworks, but instead likes to understand vulnerabilities, the exploitability, how to think like the adversary, and most importantly how to defend against them. You will have a real personal passion for security (across a broad range of domains), technology and an insatiable lust to develop further as a security expert (both technically and generally).

Whilst the role is within the security operations line, there is ample opportunity to work across the broader Group Security and assist in the Cyber Security line (Red Team) on their initiatives (e.g. penetration testing, devops security, etc.) 

What you will be doing?  

  • Triage and respond to information security incidents reported via SIEM, ticketing system, email, etc…
  • Perform root cause analysis, document findings and collaborate with technology/process owners to prevent future occurrences.
  • Research, analyze and understand log sources originating from security and networking devices such as firewalls, routers, proxy, anti-virus products, and operating systems.
  • Automate manual processes via scripting and utilization of various tools and platforms.
  • Perform raw data review in an effort to identify malicious activity for which signatures/content do not exist.
  • Assist with the development of new content and tuning/filtering of existing content for SIEM, IDS/IPS, and other security technologies.
  • Assist management in ensuring the team is executing on core responsibilities such as working incidents through to completion, ticket queue maintenance, documentation, training requirements, etc…
  • Work with management to define and update standard operating procedures and response plans.
  • Support efforts of stakeholders during all phases of the Incident Response process.
  • Serve as a primary escalation point for security incidents.
  • Manage or contribute to projects that directly correspond to the maturity and/or capabilities of the Security Operations team.
  • Assist with the development and execution of the vulnerability management programme and correlation 

What have you done? 

  • Advanced knowledge of computer networking: TCP/IP, routing and protocols.
  • Advanced knowledge of packet structure and previous experience performing in-depth packet analysis.
  • Advanced knowledge of Incident Response methodologies and information security best practices/technologies
  • Advanced knowledge regarding the administration, use, securing and exploitation of common operating systems
  • Minimum of 3 years' experience utilising HIDS/NIDS, SIEM, anti-virus, web-proxy, packet capture tools, host based analysis technologies in a security analyst capacity
  • Minimum of 3 years' experience analyzing log sources originating from security and networking devices such as firewalls, routers, proxy, anti-virus products, and operating systems required.
  • Proficiency in log parsing and data analysis (REGEX is a must)
  • Proficiency in Python 3 or other scripting language
  • Demonstrate knowledge of indicators of compromise (IOC) and Advanced Persistent Threat (APT) as it applies to event/incident/offense analysis
  • Research and analytical background and an analytical approach; especially with respect to event classification, event correlation, and root cause analysis.
  • Able to perform true and false positive event (or offense) analysis with a high degree of accuracy
  • Must exhibit an aptitude for thoroughly researching issues to determine a root cause
  • Must exhibit the ability to take threat intelligence and correlate it within the context of event/incident/offense analysis
  • Familiarity with a standardised incident response framework, and ability to further develop the IRP and triage procedures within the SOC
  • Highly desirable: experience with building and maintaining effective vulnerability management programme using industry standard technologies 
  • Highly desirable: experience with "The Hive" Incident Response Platform and associated technology or threat intelligence feeds and platforms (e.g. MISP, yara, virustotal, abuse finder etc.)
  • Highly desirable: experience with cloud platforms like AWS, GCP or Azure
  • Highly desirable: experience with O365 

 

Education / Qualifications/ Professional Certificates

 

  • Desirable: Relevant university degree, GNFA, GCFE, GPEN, GREM, OSCP or other technical certification, Certification for security operations technology e.g. SIEM, vulnerability management, HIDS/NIDS solutions, ...

 
Loading...
Close map
Location
Stockholm
Regeringsgatan 25, Stockholm, Sweden, 111 53
Loading...
  • Reference Number:
    COR0539
  • Office:
    Stockholm
  • Type of Employment:
    Full time permanent
Loading...
25 - 30 Days Holiday
Private Medical
Wellbeing Allowance
Fresh Fruit
Free Breakfast Friday's
Premium Parental Leave
Eye test
3 days CSR leave
Shares
Pension
Anniversary awards
Share this page

Job Alerts

If this job is not for you but you are interested in jobs similar to this, then click the button below to be the first to know about them.