Blue Team Investigator - German Speaking

Germany, Remote

Applications have closed

Cybereason

A robust XDR platform validated by MITRE for detection and response is enhanced by elite cyber resilience expertise. Talk to an Expert today.


About us

Cybereason gives organizations the upper hand by taking an entirely new approach to cybersecurity with AI Hunting, the first AI-powered technology that answers the question “Am I under attack?” proactively, without manual effort.

We are a company that wins as one. We are daring, always evolving, and never give up. Most importantly, we accept our employees for who they are and embrace people who may not fit the typical mold.

About the role

The Cybereason Global SOC provides 24/7 active monitoring and proactive threat hunting services that deliver fast identification, response, and analysis of Malops so every customer’s network is guaranteed to be safe and secure from today’s and tomorrow’s threats. This role covers the DACH region and is ideally based in Germany. As a member of Cybereason’s Global SOC Blue Team, the Blue Team Engineer will leverage the Cybereason Defense Platform and additional technology to reverse the adversary's advantage. This team requires members who understand various levels of offensive and defensive technologies, their effectiveness, and both documented and innovative implementations to mitigate attacks. In addition, our Blue Team develops and maintains its own tools and infrastructure to quickly detect, analyse, triage, and respond to emerging and sophisticated attacks.

What you will do:

  • Develop tools and automation that leverage the Cybereason Defence Platform and Global SOC technology to aggressively identify, triage, and respond to emerging threats including, but not limited to, those used in attacker toolkits and related TTPs.
  • Perform detailed analysis of emerging threats from which detection and mitigation solutions are designed and implemented.
  • Assist other Global SOC teams and relevant stakeholders in the detection and mitigation of advanced attacks and attacker emulation in customer environments.
  • Create and deliver public and private technical documentation on research and analysis findings, mitigation mechanisms and implementations, as well as ‘best practices’ to ensure the security of customer environments.
  • Interface with customers in the presentation of findings and recommendations at all levels, from SOC analysts to C-suite executives.
  • Work closely with internal company teams in both Product and R&D, as well as customer-facing teams.
  • Assist in the continued creation, maintenance, and improvement of the Blue Team’s tech stack.
  • Work closely with and enable other customer-facing teams in the analysis and reporting of red team and penetration testing events in customer environments.

What we are looking for

  • 7+ years of experience working in IT, cybersecurity or IT administration
  • 4+ years of relevant cybersecurity experience in Incident Response, endpoint security, digital forensics, or red teams
  • Candidate MUST speak fluent German.
  • Background and experience in at least two of the following four areas required:
    • Red Team or attacker processes, methodologies, techniques, and tactics
    • Binary analysis and OS internals
    • SOAR/SOAPA infrastructure creation/maintenance, including playbook, automation, orchestration development
    • Cybersecurity tool design and development
  • Strong knowledge of modern operating systems (Windows – a must, OS X and Linux – advantage)
  • Solid foundation in networking protocols and architectures
  • Experience with security tools and frameworks, particularly with open-source tools (such as Sysinternals, OLE tools, Volatility, debuggers, disassemblers, etc.)
  • Solid foundation with a scripting language (Python, Bash, PowerShell, etc.)
  • Experience with a coding language (C, C++, Java, etc.) is an advantage
  • Self-motivated and results-oriented; capable of leading and completing assignments without supervision
  • Comfortable working in remote work environments with a globally distributed team in multiple countries.
  • Strong organizational skills and ability to handle a wide range of tasks and re-prioritize them on short notice
  • Motivation to constantly improve processes and methodologies
  • Good written and oral communication skills, experience working with international customers


#LI-Remote

More About Cybereason:


Our culture and how we operate are reflected in our shared values. Our #Defenders are individuals with diverse skill sets and backgrounds who are driven to innovate and scale with our growing organization. We are a team that strives to learn from each other, solve challenging problems, and work collaboratively toward our goal of reversing the adversary advantage.

Core Values:

  • Win As One: The power of an individual is less than the power of a team.
  • Ever Evolving: Change keeps us at the forefront, so we encourage it.
  • Daring: To achieve the impossible, we must dare to be different.
  • Obsessed with Customers: We believe gaining our customers’ trust is the most important part of what we do.
  • Never Give Up: We are tenacious and resilient, and we never stop.
  • UbU: We believe people can only unlock their full potential when they work somewhere that accepts who they are.

If these values resonate with you and our vision excites you, join us today and help us end cyber attacks from the endpoint to everywhere! #Defenders

Don’t meet every single requirement? Studies have shown that women and people of color are less likely to apply to jobs unless they meet every single qualification. At Cybereason we are dedicated to building a diverse, inclusive, and authentic workplace (#uBu), so if you’re excited about this role but your past experience doesn’t align perfectly with every qualification in the job description, we encourage you to apply anyway. You may be just the right candidate for this or other roles.


Perks/benefits: Team events

Regions: Remote/Anywhere Europe
Country: Germany
