Technology Specialist - CDO (The Threat Hunter)

Digital & Technology Team (D&T) is an integral division of HEINEKEN Global Shared Services Center. We are committed to making Heineken the most connected brewery. That includes digitalizing and integrating our processes, ensuring best-in-class technology, and embedding a data-driven culture. By joining us you will work in one of the most dynamic and innovative teams and have a direct impact on building the future of Heineken!

Would you like to meet the Team, see our office and much more? Visit our website: Heineken (heineken-dt.pl)

The Threat Hunter is part of the Cyber Defense and Operations Threat Response Product Team, and is one of the professionals who do the work of delivering a potentially releasable increment of the product at the end of each sprint. Product Teams are structured and empowered by the organization to organize and manage their own work. The resulting synergy optimizes the Product Team’s overall efficiency and effectiveness.

The Cyber Defense and Operations (CDO) Tribe is a global team accountable for building a cyber resilient organization by acting as a first line of defense against cyber attacks and by educating the global organization on how to act and respond to security incidents to limit the business impact.

The CDO Product Teams capabilities are aligned with the NIST frameworks and are grouped into (1) Defensive Capabilities as Monitoring, Detection, Vulnerability Mng, Threath Intelligence, (2) Offensive Capabilities as Incident Response, Penetration Testing, (3) Threat Hunting Capabilities.

The CDO Tribe is a fast growing team, working in a complex and challenging business environment and has an ambitious strategy to implement in the next years In this context, the Cyber Defense Centre is seeking to hire an experienced security analyst and incident responder, to be part of the core CDO Team.

Your responsibilities would include:

• spending 75% of the time on threat hunting activities and 25% on incident response operational activities
• maturing the HNK threat hunting process by evolving and improving existing setup in terms of capabilities, process, and technologies
• prioritizing future hunts based on threat intelligence and HNK environment risks together with the HNK TH committee
• researching trending campaigns, attack vectors, and searching for these in the HNK environment
• hunting for new patterns, activities, and ever-changing tactics associated with advanced threat actors
• performing hypothesis, IOC, and analytics-based hunts in the HNK environment
• performing threat hunting write-ups that contain summaries of actions performed, results discovered during the hunt, conclusions made, and analyzing those with the TH committee in HNK
• working with alerts from the SOC analysts, incident response team, or HNK vulnerability management team when needed to perform in-depth analysis and triage threat activity based on host and network activity, traffic, and protocol analysis to identify infection vectors, the extent of the infection, and preparing high-quality reports based on findings
• being the first responders to higher-priority incidents, analyzing threats, and doing investigations and triage
• coordinating and aligning the broader SOC analysts team and associated activity, with emphasis on real-time proactive monitoring and incident response activity
• providing remote incident response activities and advice to support HEINEKEN operating companies during and immediately after security incidents
• detecting threats, investigating those threats, and responding to them in a timely fashion (operational threat hunting related to realized security incidents)
• implementing security measures as dictated by management
• creating and maturing operational security processes, procedures, and SOPs for incident response
• carrying out in-depth investigations on security events, raising incidents, and supporting the incident management process
• supporting the creation of security monitoring content
• occasionally being on-call to respond to incidents that arise outside of business hours
• overseeing and coordinating third parties involved in incident response and security monitoring from a service management perspective.

You are a good candidate if you have:

• 5+ years working experience in security operations center of international companies and with SIEM solutions
• bachelor degree or equivalent experience
•  a passion for security and enjoy solving problems
• an understanding of the Agile mindset and basic knowledge of working in a Scrum Team. You show end-to-end ownership of the work that you do
• excellent knowledge of English, written and verbal
• experience with outsourced managed services, using ITIL processes
• certifications such as CEH, CIR, CISM, CISA, CGEIT, any of the OWASP or similar

• operational experience with SIEM (Azure Sentinel) – Log Management, Vulnerability scanning, and IPS/IDS technologies
• operational experience with the Microsoft security stack (Defender(s), especially Microsoft Defender for Endpoints)
• Kusto Query Language knowledge (KQL)
• knowledge of industry-standard security frameworks for information systems (NIST, ISO 27001/2, CSA, COBIT)
• basic familiarity with scripting programming, e.g., Bash, PowerShell, Python, and Jupyter notebooks
• The Cyber Kill Chain & MITRE ATT&CK framework
• basic knowledge of security solutions (SSL, Remote Access, IPSEC, Reverse Proxy, IDS/IPS, Firewall, Multi-Factor Authentication)
• experience in penetration testing, ethical hacking, or malware analysis
• understanding of offensive security techniques and methodologies
• knowledge of administering Linux, Mac, and Windows operating systems
• experience in network administration and security, including firewall configuration and intrusion detection
• familiarity with enabling services such as NTP, SMTP, patching, and antivirus management
• knowledge of server infrastructure, including VMware ESXi, storage solutions, and cloud environments like Azure and AWS
• understanding of cryptographic principles and common encryption algorithms
• awareness of database security best practices and vulnerability mitigation.
• experience with authentication protocols and identity management solution.

At HEINEKEN Kraków, we take integrity and ethical conduct seriously. If someone has concerns about a possible violation of legal regulations indicated in Polish Whistleblowing Act or our Code of Business Conduct, we encourage them to speak up. Cases can be reported to global team or locally (in line with the local HGSS Whistleblowing procedure) by selecting proper option in this tool or by communicating it on hotline.

What we offer: