Chapter Lead Technology Specialist CDO

Kraków, PL, 31-864

HEINEKEN


Digital & Technology Team (D&T) is an integral division of HEINEKEN Global Shared Services Center. We are committed to making Heineken the most connected brewery. That includes digitalizing and integrating our processes, ensuring best-in-class technology, and embedding a data-driven culture. By joining us you will work in one of the most dynamic and innovative teams and have a direct impact on building the future of Heineken!

 

Would you like to meet the Team, see our office and much more? Visit our website: Heineken (heineken-dt.pl)

 

The role Chapter Lead Technology Specialist CDO is part of the Cyber Defense and Operations Tribe, responsible for delivering a potentially releasable increment of the product at the end of each sprint. Product Teams are empowered to manage their own work, optimizing overall efficiency and effectiveness.

 

Chapter Leads are both the Line Managers of members of Product clusters and responsible for setting standards and defining competencies for the Product Teams in a Portfolio.

 

The role currently resides within the Threat Response Product Team, a global team accountable for building a cyber resilient organization by acting as a first line of defense against cyber-attacks and by educating the global organization on how to act and respond to security incidents to limit the business impact.

 

The CDO Tribe capabilities are aligned with the NIST frameworks and are grouped into Defensive Capabilities (Monitoring, Detection, Vulnerability Management, Threat Intelligence), Offensive Capabilities (Incident Response, Penetration Testing) and Threat Hunting Capabilities.


Your responsibilities would include:

 

  • being the first responders to high-priority incidents, analyzing threats, doing investigations, and triage
  • coordination/alignment of broader SOC Analysts team and associated activity, with emphasis on real-time proactive monitoring and incident response activity
  • providing remote incident response activities and advice to support HEINEKEN operating companies during and immediately after security incidents
  • identifying and investigating threats, responding promptly, and supporting security measures set by management
  • creating and maturing operational security processes, procedures and SOPs for incident response
  • carrying out in-depth investigations on Security events, raising incidents and supporting the Incident Management process
  • occasionally being on-call to respond to incidents that arise outside of business hours (part of HOST duty)
  • HOST duty – assignment as the primary or backup incident handler of the week for the duty duration, typically these are one-week per 3 months schedules aligned within the responder’s team, at least a quarter in advance
  • service management – operationally overseeing and coordinating third parties involved in incident response and security monitoring
  • building a team to promote collaboration and sharing of best practices in order to build capabilities and knowledge and to solve common issues
  • alignment on subject of expertise, ways of working, priorities, standards & policies, guidelines & guardrails with the affiliated competences
  • building, defining, tracking and maturing competences of the chapter members, as well as addressing gaps of competences in the portfolios
  • inspecting and adapting ways of working such as within the portfolios, roles and responsibilities, expectations, processes (HR or IT related), and agile Ways of Working
  • temporarily supporting product groups and functional teams, fulfilling missing capabilities like architecture and security related activities
     

You are a good match if you have:

 

  • 5+ years of working experience in the security operations center of international companies and with SIEM solutions
  • bachelor's degree or equivalent experience
  • passion for security and enjoyment of solving problems
  • understanding of the Agile mindset and basic knowledge of working in a Scrum Team. You show end-to-end ownership of the work that you do
  • excellent knowledge of English, written and verbal
  • experience with outsourced managed services, using ITIL processes
  • certifications such as CEH, CIR, CISM, CISA, CGEIT, any of the OWASP or similar
  • proven track record of leading teams of technical specialists

 

Technical experience:

  • operational experience with SIEM (Azure Sentinel) – Log Management, Vulnerability scanning and IPS/IDS technologies
  • operational experience with the Microsoft security stack (Defender)
  • Kusto query language knowledge (KQL)
  • industry standard security frameworks for information systems (NIST, ISO 27001/2, CSA, COBIT)
  • familiarity with scripting/programming, e.g. Bash, PowerShell, Python
  • the Cyber Kill Chain & MITRE ATT&CK framework
  • security solutions (SSL, Remote Access, IPSEC, Reverse Proxy, IDS/IPS, Firewall, Multi Factor Authentication)
  • knowledge of:
    • penetration testing, Malware engineering
    • offensive security specialist (e.g. pen tester, ethical hacker, etc.)
    • sysadmin skills (Linux/Mac/Windows)
    • network admin skills
    • network security administrator
    • enabling services (e.g. NTP, SMTP, patching, Antivirus)
    • server infrastructure (VMWare ESXi, storage, Azure, AWS)
    • cryptography knowledge (basic algorithm knowledge)
    • DB knowledge
    • authentication protocol knowledge
       

Soft Skills:

  • being able to translate technical language into a story that can be understood, and cohesively present it back to different stakeholders with a clear message
  • providing clear, concise and easily consumable communication with key technical and non-technical stakeholders
  • able to work in a complex and highly externalized environment
  • interested in continuous self-development through training and learning on the job. Being curious about new developments and technologies; educating yourself
  • critical thinking and contextual analysis abilities
  • investigative and analytical problem solving skills
  • teamwork, can-do mentality
  • strong time management skills and willing to go above and beyond where required
  • working in a highly dynamic environment, with high-pressure situations
  • ability to take decisive action based on available information in a timely manner
  • ability to research and characterize security threats to include identification and classification of threat indicators
  • be passionate about mentoring and coaching junior resources, sharing knowledge
  • having continuous improvement mentality that helps improve and grow the team
  • being able to coach and mentor on one's area of expertise

 

At HEINEKEN Kraków, we take integrity and ethical conduct seriously. If someone has concerns about a possible violation of the legal regulations indicated in the Polish Whistleblowing Act or our Code of Business Conduct, we encourage them to speak up. Cases can be reported to the global team or locally (in line with the local HGSS Whistleblowing procedure) by selecting the proper option in this tool or by communicating it on the hotline.


Perks/benefits: Career development Flex hours Team events

Region: Europe
Country: Poland
