Cyber Security Operation Center Analyst (m/w)


As the European specialist in cyber security, the mission of Airbus’ CyberSecurity business is to protect governments, companies and critical infrastructures from cyber threats. Its trusted, high performance security products and services are able to detect, analyse and counter the most advanced cyber attacks.

Several vacancies for Cyber Security Operation Center (SOC) Analysts (m/w) have arisen within Airbus CyberSecurity GmbH in Frankfurt/Main, Germany.

As a successful candidate, you will act as the first line of response regarding the potential occurrence of a cyber-attack or security incident. Your role will include receiving, triaging and responding to alerts, requests and reports as well as analysing events and potential incidents to provide primary support for incident responders.

More specifically, your main tasks will include:

- Performing real-time information security monitoring of cyber defence and intrusion detection systems
- Analysing automatically correlated events and processing incoming warnings, alerts and reports including triage, categorization and qualification of events, incidents and vulnerabilities
- Performing initial response based on standard playbook entries
- Providing support to incident responders and advising affected users on appropriate course of actions to be taken
- Creating documentation and tracking actions in tickets for incidents/vulnerabilities from start to the final resolution
- Producing qualified reports including recommendations or alerts to SOC customers
- Configuring and tuning the SIEM components and cyber-defence solutions for an optimal performance
- Improving correlation rules to ensure that monitoring policies allows an efficient detection of potential incidents
- Analysing risks and security policy requirements and translating them into technical events targeting the new system components
- Implementing detection means to monitor and track attacker activities in real-time and maintain IOCs in security solutions
- Supporting the incident response team in the review/analysis of security logs and the visualisation of a potential cyber-attack

You should be able to perform on-call duty and call-in in critical situations.
This role will involve some travel for business.

You have the following skills and experience:

- Educated to degree level in IT, IT Security or equivalent
- Several years of experience as a SOC Analyst and/or SOC Integrator
- Experience in using, configuring and tuning a SIEM (Arcsight ESM 6)
- Knowledge and experience in some of the following areas:
. Security analysis of firewall, proxy, IDS logs, network forensic with Wireshark, traffic baselining analysis
. Networking and network security solution/technologies (e.g. Firewalls, IDS/IPS, Switching/Routing, APT detection solutions as FireEye) and writing and optimizing IDS signatures (preferably SNORT and/or SURICATA)
. Usage of host based security solutions (as HIPS, Malware and end-point protection, OS logs, etc.) and analysis of Windows security events analysis
. Security analysis of Applicable or Middleware logs (Oracle, Apache, Weblogic)
. Log management solution Arcsight Loggers
. ELK (ElasticSearch, Logstash & Kibana)
. FireEye Ex, Nx, Ax, Fx, Hx, Ix
. CheckPoint and Juniper Firewalls
. BlueCoat proxies
- One of the following certifications is required: GCIH (GIAC Certified Incident Handler), GCIA (GIAC Certified Intrusion Analyst), ECIH (EC-Council Certified Incident Handler), CSIH (SEI Certified Computer Security Incident Handler), SCPO (SABSA Certified Security Operations & Service Management Practitioner) or an equivalent certification recognized internationally
- Fluent English; German skills would be a plus
Stelleninformation
Inserent Airbus CyberSecurity
Kontaktname Caroline Porchy
Telefon (Beziehen Sie sich auf Dice)
Referenz 10382807

Copyright © 2018, Dice

Dice ist ein DHI Service