
Security Incident Specialist | Renewable Energy (M/F)

Michael Page Portugal

26.03.2025 | Lisboa | Reference: 2254183









Reference: JN -032025-6701045
Added on 26.03.2025
About our clients
One of Europe's largest renewable energy Independent Power Producers (IPPs), with 92% of its installed capacity coming from wind, generated by almost 2,000 turbines.

Job description

The Security Incident Specialist is responsible for ensuring robust incident management by investigating and addressing security incidents reported by or assigned to the SOC.

Description

This role involves leading incident response efforts, escalating issues to designated owners when necessary, and coordinating the implementation of Azure Security Solutions, including Azure DLP, Defender, and Defender for Cloud. Additionally, the specialist will support the development and refinement of policies and procedures to enhance Security Incident Management and Cybersecurity practices.

Key responsibilities include:

  • Demonstrating familiarity with Microsoft Security Solutions (Defender, Sentinel, Azure, Entra, etc.).
  • Implementing Azure Security Solutions to strengthen the organization's security posture and optimize incident handling processes.
  • Maintaining and developing the company's security monitoring systems and ensuring efficient SIEM ingestion (Sentinel).
  • Ensuring the proper collection of logs, alerts, and incidents for effective monitoring and response.
  • Reviewing and developing analytics and playbooks for incident classification, assignment, and response automation.
  • Reporting the status and outcomes of incidents and investigations to company stakeholders.
  • Writing clear incident reports, combining logs and evidence, tailored for both C-level executives and technical teams.
  • Coordinating the Incident Management process with Vulnerability Management to ensure cohesive security operations.
  • Supporting initiatives to enhance secure architectures, reducing the potential threat landscape.
  • Aligning the Incident Management process with organizational policies, procedures, and security guidelines.

Profile

  • Master's/Bachelor's degree in cybersecurity or computer science and 3+ years as a SOC analyst, or undergraduate and 5+ years as a SOC analyst

Excellent practice on:

  • SIEM/SOAR (Sentinel) maintenance and development
  • Log collection, analysis and correlation
  • Incident investigation and response
  • Malware analysis
  • Phishing analysis
  • File system checks and memory dump
  • IoC editing and searching

Good practice on:

  • Evidence acquisition and retention
  • SecOps scripting (Bash, VBScript, PowerShell, Python)
  • Threat intelligence and OSINT
  • Supporting the definition of cybersecurity policies and procedures (especially Security Incident Management)

Eager to learn, with a curious mind for finding threats, discovering backdoors and identifying attack vectors, and a talent for building and showing samples from scratch

Highly effective communication skills and the ability to present data clearly to various audiences

Excellent written and verbal English

Ability to work within complex teams and in an international environment.

Desirable Requirements

Certifications: Blue Team Level 1 (BTL1), Blue Team Level 2 (BTL2), eCTHP, eCIR, GCIH, SC-200, AZ-500, AZ-900, Certified CyberDefender (CCD) or similar.

Experience in cybersecurity governance, including the development and alignment of policies, frameworks and compliance strategies.

Job Offer



What we are looking for
SOC, Azure Security Solutions, Azure DLP, Defender, Defender for Cloud, Microsoft Security Solutions, SIEM, Sentinel, SOAR, Certifications: Blue Team Level 1 (BTL1), Blue Team Level 2 (BTL2), eCTHP, eCIR, GCIH, SC-200, AZ-500, AZ-900







