Cyber Security Operations Engineer

If you like change, change to us

We are an international mid sized group with appetite for innovations, approachable management, lead by objectives / targets which give the opportunity of a wide range of empowerment. We as a growth oriented market leader invite you to join us on our journey from good to great!

Cyber Security Operations Engineer

Job Description:

• Working as a key player in a dynamic and international team ensuring the security (CIA) confidentiality, integrity and availability of the company and its customer's (where relevant) systems and data.
• The Cyber Security Engineer uses technical skills and knowledge in several security technologies to analyse and respond to security threats from various security platforms and technologies.
• Responsible for initial triage of incoming security related incidents. Automate and monitor, analyse logs and alerts from a variety of different technologies across multiple platforms in order to identify and mitigate security incidents.
• Experience and knowledge in technologies, methods and platforms:
  • SIEM, Azure Sentinel, Splunk, etc.
  • IDS/IPS, Firewalls, Network Access Control.
  • Phishing, Social Engineering methods.
  • MITRE-Framework, TTPs, Cyber-kill-chain, Security Baselines, Pen-tests, Red Team vs Blue Team.
  • Behavioral analysis, Anti-virus and EDR, end-point protection and other advance security systems.
  • Sandboxing, Malware analysis, URL redirections, Threat Intelligence, Threat Hunting
  • Servers and workstations of various OS (Microsoft, Linux, Unix, MacOS, Citrix)
  • Other security technologies such as: Public Cloud: Azure, AWS, CASB, SASE, SSE.
• Assess the security impact of security alerts and traffic anomalies to identify malicious activities and take mitigating actions or escalates to other operations team or management as appropriate.
• Enable OS hardening across multiple operating systems like Linux and Windows.
• Execute analysis of email-based threats to include understanding of email communications, platforms, headers, transactions, and identification of malicious tactics, techniques, and procedures.
• Process tactical mitigations based on results of analysis and determination of threat validity.
• Follow escalation and handoff procedures to team members and leadership based on defined threat and priority determination.
• Document results of cyber threat analysis effectively and prepare comprehensive handoff and/ or escalation for Incident Reponses or other teams, forensics.
• Support in writing technical articles and presentations for knowledge sharing within the team, when necessary.
• Coordinate with other departments on exercises, programs, and workshops, as needed.
• Develop and report enterprise-level metrics for Cyber Security, vulnerabilities and risk and remediation progress or mitigation steps. Understand, demonstrate, and educate stakeholders on the real-world impact of threats and vulnerability exploitation in a given environment.
• Assist to design security and strategies/ concepts related to servers, clients, and other ICT systems to support a growing global enterprise network in line with company goals; working to existing standards and developing new ones.
• Participate in security risks, threats and vulnerabilities assessments and audits.
• Analyse internal and external network, server and application activity using various tools.
• Improve security related monitoring and alerts by using automation where applicable.
• Identify and provide mitigation/ improvement steps for any security gaps in network, server and applications.
• Participate in new security solutions evaluation, design and implementation.
• Provide information security requirements advice and counsel to various teams.
• Stay on top of technology advancements in IT specifically network and system security be aware of malicious attack vectors, common vulnerabilities, and best-practice security defenses. 
• Implement and maintain (where required) documentation, licences etc.
• Communicating, working with and coordinating actions with third-parties and external consultants and engineers.

Education & Experience:

• Degree in computer science or 3+ Years’ experience working in IT and at least 2+ years’ working within a SOC or Operational Security Team.
• Licences/ Certifications: Industry recognised certifications preferred from: CISSP, CISM, CEH, CompTIA Security+, OSCP, CCSP, Microsoft (Cloud, Hybrid, Azure, legacy e.g. MCSE).

 Profile:

• Background in security threat analysis and threat hunting with ability to determine risk level of identified threats and necessary urgency in remediation.
• Possess strong technical understanding of common network and system vulnerabilities.
• Understanding of networking principles (OSI Model, routing, TCP/IP). Windows and Linux operating systems, and basic administration.
• Knowledge of best practices in common security technologies and methodologies.
• Problem solving skills and ability to work under pressure in a rapid paced environment.
• Experience working with cross-business and cross-functional teams in a geographically distributed environment.

Contact for this position: Marta Rachwał 

NORMA Polska Sp. z.o.o.
Gabrieli Zapolskiej 44
30-126 Krakow, Poland