We are looking for a Security Analyst with a minimum of 3 years' experience in the field, a strong understanding of SIEM systems, and excellent analytical and problem-solving abilities.
As a Security Analyst, you will provide essential second-line support for our security operations, focusing on incident investigation and response. A proactive and vigilant professional, you will act as a pivotal resource for monitoring and managing the alerts from our managed EDR and SIEM services, and act decisively to address and escalate incidents as necessary. Further general security work opportunities will be offered beyond the pure Security Analyst role to proactive, inquisitive individuals.
This is a fully remote role embedded with our client – a major German software group.
Monitor EDR and SIEM alerts provided by our managed security service vendors, analyze their validity, and prioritize responses according to severity and impact.
Lead the coordination with impacted employees or system owners to remediate and manage security incidents effectively.
Determine the need for escalation and participate as a key player in incident response, working closely with external Incident Response providers.
Collaborate with the Security Architect to optimize log collection and aggregation for an effective SIEM deployment.
Work with the infrastructure teams managing firewalls, Web Application Firewalls and other security tools to define appropriate custom security rules to detect both known and unknown malicious or abnormal activity.
Investigate network anomalies, phishing emails, abnormal user activities, and manage DLP incidents.
Conduct proactive threat hunting to identify potential security threats before they can be exploited by attackers.
Develop and refine IoCs based on the latest threat intelligence, and operationalize them within the security infrastructure to enhance detection capabilities.
Utilize forensic tools and techniques to investigate incidents, perform root cause analysis, and aid in the recovery from security breaches.
Analyze patterns of normal network behavior to establish a baseline, allowing for the quick identification of anomalies indicative of security incidents.
Participate in the continuous improvement and fine-tuning of threat detection and response capabilities within the security operations center (SOC).
Deliver educational initiatives on email security and general security in the workplace (e.g. social engineering attacks).
Configure information management rules, particularly in Microsoft Purview, so that DLP alerts are minimised and employees follow best practice through active pop-up notifications.
Maintain security configurations within Microsoft 365 (M365), including the management of secure Conditional Access policies and integration with our Zero Trust approach (e.g. Microsoft's CASB).
Facilitate, but not directly execute, penetration testing, while actively managing vulnerabilities alongside system owners across the organization’s infrastructure.
Provide expertise relating to vulnerability management within the software development life cycle, helping Developers utilize SAST, DAST, and Software Composition Analysis (SCA) tools, such as Snyk.io, to identify and address code vulnerabilities.
Assist with the crafting and maintenance of written security policies and documentation, providing a clear framework for organizational cybersecurity.
Stay informed on the latest cybersecurity threats and trends to ensure the defensive strategies remain ahead of potential threats.
Periodically review and recommend improvements to existing security protocols and architectures.
Be an advocate for cybersecurity across the organization, raising awareness and fostering a culture of security mindfulness.
Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or a related field.
Minimum of 3 years of experience as a Security Analyst or in a similar cybersecurity role.
Certifications such as GIAC GCIH (SANS), CompTIA Security+, CEH, or other relevant industry qualifications.
Experience with endpoint detection and response (EDR) platforms (e.g. Microsoft Defender, CrowdStrike) and an understanding of how to interpret their alerts.
Strong understanding of SIEM systems (e.g. Microsoft Sentinel), log management, and incident detection techniques.
Experience with vulnerability management tools and processes, including knowledge of SAST, DAST, and SCA tools (e.g. Veracode, Snyk.io).
Proficiency in managing security features and policies within the Microsoft ecosystem, particularly M365, Intune, and Purview.
Excellent analytical and problem-solving abilities to identify and mitigate potential security threats.
Effective communication skills for coordinating with multiple departments and facilitating security training and awareness programs.
Ability to create detailed documentation, policy, and procedure materials in support of cybersecurity efforts.
Diligent and detail-oriented approach to cybersecurity, capable of thorough analysis and clear reporting.
A flexible and adaptive mindset, willing to take on a variety of tasks as needed to support the security posture of the organization.
If you have any questions you would like to ask or if there is any additional information you would like to receive, please feel free to get in touch via either career@kruschecompany.com or the contact form at the bottom of this page.