Threat Detection and Response Expert - Blue Team

The Threat Detection and Response (TDR) Expert is part of the Blue Team of OBRELA and contributes to successful incident handling escalated from OBRELA’s Security Operation Teams, gets to manage most complex findings and acts as the main incident commander as part of the incident response. He/she continuously operates a deeper investigation process to drive the collection of further evidence and support the resolution of identified issues.

The TDR Expert ensures escalated events are addressed in a timely manner using available alert and incident management tools and processes. Serves as detection authority for initial incident declaration and approves/performs further investigation of escalated events utilizing MDR technologies. Contributes with ideas to improve detection capability and drives recommendations to customers for incident remediation. Contributes to training of new analysts and evaluates analysts’ performance.

The TDR Expert is responsible for building and maintaining different SIEM/XDR content libraries and perform R&D for updating the respective content registries. Interacts with the SecDevOps teams or contributes as part of the Blue Team effort to implement threat detection analytics or customer specific use cases.

Requirements:

• Bachelor’s degree or higher in computer science or related area of study or equivalent combination of education and/or relevant work experience. MSc in relative areas is considered a plus.
• Experience in rule creation for at least one of the two following SIEMs (Azure Sentinel [KQL] – IBM Qradar)
• Excellent verbal and written communication skills, both in English and Greek language.
• Problem solving skills on short timeframes and ability to “think outside the box” & Analytical thinking with the ability to break down a big problem into smaller chunks.

Desired requirements:

• Experience to analysis and investigation of incidents using Microsoft Sentinel and/or Defender products. CrowdStrike acquaintance is considered a plus.
• Related certifications (Azure SC-200, Azure AZ-500, GCIH, GCFE, GCFA, GNFA, eCIR, CEH and/or Security+)
• Knowledge of a Threat Hunting methodology.
• Situational assessment and decision-making capabilities.

Benefits:

• Dynamic and respectful environment – our people are the core of our business, we value each and every individual and support initiatives, promoting agility and work/life balance.
• Continuous coaching – work with passionate people and receive both theoretical as well as hands-on training.
• Career development. Expand your career internationally and work alongside knowledgeable people from diverse cultures and backgrounds.

• A competitive compensation package dependent upon your experience and qualifications. We’re focused on rewarding efforts. Our salaries and benefits package will keep you motivated throughout your career.