Threat Detection & Response Analyst

Job Description:

The Threat Detection & Response Analyst works within the Security Operations Center (dbSOC), which is set up within a Follow-The-Sun model. He/She is responsible for the monitoring, detection and analysis of information security events and incidents.

Additionally, he/she acts as a specialist for information security incident response processes to protect the Bank, its partners, and clients of any potential loss. Besides operations tasks, he/she will be supporting to evaluate and adjust processes, tools, and reporting.The objective is to identify and close gaps in the event detection, as well as improving the detection, analysis, and response of security events, ideally in an automated way. Focus is on events in the area of network, endpoint and cloud security (GCP/Chronicle and Microsoft Azure/Sentinel).

Responsibilities

• Handling security events from multiple channels such as the monitoring tools, the Cyber Security Hotline & Mailbox
• Monitoring, detection, and analysis of security-relevant events, including response and documentation. Conduct/contribute to risk assessments to evaluate the criticality of information security events.
• Opening tickets for documentation, further actions, and follow-ups
• Supporting the triage and enrichment of alert data and improving detection use cases
• Improvement of the current threat detection capabilities, ideally via automation of standard processes
• Working in the daily operations, within defined processes and related SLAs
• Supporting the entire SOC team with your security expertise and process know-how

Skills

• Solid background and good understanding of enterprise technologies especially focusing on security devices, network engineering, operating systems, databases and security configurations on application level
• Experience with analyzing system logs including network traffic logs, payload, event logs, application logs, firewall logs, Active Directory etc.
• Experience with Security Incident and Event Management (SIEM) systems. Ideally experienced with Splunk, GCP Chronicle , and/or Microsoft Sentinel.
• Cyber security expertise and familiarized with incident response.
• Good knowledge of current threat landscape and attack scenarios/tactics, as well as containment and protection measures, familiar with MITRE ATTACK framework.
• Good knowledge on Cloud security, ideally on Google Cloud and/or Microsoft Azure.

What we offer 

• A rewarding work: we offer a purpose, a competitive income and promotions based on performance 
• Managers that empower your ideas and your decision-making abilities. You’re encouraged to show your good vibe, determination, and open mindedness 
• A professional, passionate, driven, but at the same time fun workplace. It is also flexible, including Work from Home opportunities] 
• Medical providers to choose from with premium benefits for you and your loved ones 
• The better you feel, the better you work. We nurture you with highly modern office that includes plenty of fun and relaxing areas to boost your creativity. We also facilitate copiously retailer discounts, cultural and CSR activities, employee sport clubs, workshops & more. 

We strive for a culture in which we are empowered to excel together every day. This includes acting responsibly, thinking commercially, taking initiative and working collaboratively.

Together we share and celebrate the successes of our people. Together we are Deutsche Bank Group.

We welcome applications from all people and promote a positive, fair and inclusive work environment.