Information security specialist – CLOSED

Background: The Group Security team is embarking on a mission of rapid maturity and requires a highly motivated and talented information security specialist.

The Group Security team operates out of Stockholm and is responsible for securing the customers and their assets. We are searching for that certain someone who is not satisfied with just knowing common standards and frameworks, but instead likes to understand vulnerabilities, their exploitability, how to think like the adversary, and most importantly how to defend against them. You will have a real personal passion for security (across a broad range of domains) and technology, and an insatiable desire to develop further as a security expert (both technically and generally).

Whilst the role is within the CSIRT, the different Security teams (Information Security, Application Security) work closely together and there is ample opportunity to support their projects.

Splunk / Splunk Enterprise Security are prerequisites for this role.

Tasks:

  • Build and improve our monitoring capabilities
  • Be the escalation point for incidents escalated by our internal SOC or other stakeholders
  • Triage and respond to information security incidents reported via our SIEM, ticketing system, emails
  • Perform root cause analysis, document findings and collaborate with technology/process owners to prevent future occurrences by driving Lessons-Learned activities
  • Automate manual processes via scripting and utilization of various tools and platforms
  • Perform raw data review in an effort to identify malicious activity for which signatures/content do not exist
  • Assist with the development of new content and tuning/filtering of existing content for SIEM, IDS, EDR, and other security technologies
  • Assist management in ensuring the team is executing on core responsibilities such as working incidents through to completion, ticket queue maintenance, documentation, training requirements, etc.
  • Work with management to define and update standard operating procedures and response plans
  • Support efforts of stakeholders during all phases of the Incident Response process
  • Manage or contribute to projects that directly correspond to the maturity and/or capabilities of the CSIRT team


What you have done:

  • Advanced knowledge of computer networking: TCP/IP, routing and protocols
  • Advanced knowledge of packet structure and previous experience performing in-depth packet analysis
  • Advanced knowledge of Incident Response methodologies and information security best practices/technologies
  • Advanced knowledge regarding the administration, use, securing and exploitation of common operating systems
  • Minimum of 3 years’ experience using HIDS/NIDS, SIEM, anti-virus, web-proxy, packet capture tools, host based analysis technologies in a security analyst capacity
  • Minimum of 3 years’ experience analyzing log sources originating from security and networking devices such as firewalls, routers, proxy, anti-virus products, and operating systems required.
  • Proficiency in log parsing and data analysis
  • Proficiency in Python 3 or other scripting language
  • Research background and an analytical approach, especially with respect to event classification, event correlation, and root cause analysis
  • Able to perform true and false positive event (or offense) analysis with a high degree of accuracy
  • Must exhibit an aptitude for thoroughly researching issues to determine a root cause
  • Must exhibit the ability to take threat intelligence and correlate it within the context of event/incident/offense analysis
  • Familiarity with a standardised incident response framework, and ability to further develop the IRP and triage procedures within the SOC
  • Knowledge of building and running a threat hunting programme

Highly desirable experience with:

  • "The Hive" Incident Response Platform and associated technology, or threat intelligence feeds and platforms (e.g. MISP, YARA, VirusTotal, abuse finder, etc.)
  • Cloud platforms like AWS, GCP or Azure
  • Office 365 and Microsoft Security tools
  • Splunk or Elasticsearch

Start: ASAP
Length: 6 months
Scope: 100%
Location: Stockholm
Language Requirements: English
Remote: Flexible remote
