L2 CSIRT Analyst
Porto, Portugal
Alter Solutions
Looking for an IT partner? We're an IT consulting company with expertise in Nearshore software development and Cybersecurity. Offices in 13 countries.
Job Description:
The L2 Computer Security Incident Response Team (CSIRT) Analyst plays a crucial role in responding to and investigating cybersecurity incidents, including Data Loss Prevention (DLP). This role is essential for promptly addressing alerts, conducting detailed incident analysis, and escalating sensitive/critical cases to the L3 CSIRT Analyst.
Main Responsibilities:
Manage cybersecurity investigations based on CyberSOC use cases and DLP detection systems;
Analyze the effectiveness of existing DLP controls and propose technical, functional, and process improvements;
Contribute to the development and optimization of CyberSOC use cases;
Monitor DLP-related events, conduct investigations, and respond to data leakage incidents according to internal procedures (including interviews with key stakeholders such as HR, Procurement, DPO, etc.);
Develop and improve data protection policies and rules across various systems and manage exceptions;
Respond to and facilitate eDiscovery requests from the IT Security, HR, Legal, and Compliance teams;
Maintain accurate and detailed records of incidents in the group’s GRC tool;
Support cybersecurity governance by providing detailed reports and KPIs;
Quickly escalate complex incidents to L3 CSIRT Analysts, ensuring all relevant data and preliminary findings are accurately communicated;
Contribute to the industrialization and formalization of Cyber Defense processes, improving their effectiveness;
Provide analysis and expertise on cybersecurity incidents, including root cause identification and preventive measures.
Qualifications
Technical Skills:
Event and incident monitoring and response (identification, alerting, and containment);
General cybersecurity knowledge (log analysis, endpoint security, e.g., EDR solutions);
Scripting languages (Python);
Protocol knowledge (HTTP, SMTP, etc.);
Experience with SIEM (Security Information and Event Management);
Experience with SOAR (Security Orchestration, Automation, and Response);
Knowledge of DLP (Data Loss Prevention) solutions.
Language Skills:
Fluency in English (both written and spoken) is mandatory.
Tags: Automation Compliance CSIRT Cyber defense EDR Endpoint security Governance Incident response KPIs Log analysis Monitoring Python Scripting SIEM SMTP SOAR
Perks/benefits: Team events