We are looking for a Security Specialist (L3) profile within the Cyber Defense Center (CDC) in Group Security
The Cyber Defense Center defends Ericsson from cyberattacks originating from external threat actors
It ensures we are one step ahead of adversaries, identify their plans and means to execute them, block and disrupt their execution, and remove their presence from within Ericsson
Its focus is on sophisticated antagonistic threat actors who can do the most harm to Ericsson as a company
In order to achieve this the cyber defense center consists of four teams: threat intelligence, the red team, a process and governance team, and cyber operations
What you will do:
24x7 Security monitoring and incident handling across a complex network.
End-to-End triage investigation of all the threat detections originating from technology.
Participate in incident response.
Support use case development of detection analytics.
Conduct research into new threats, identifying new IOC/TTPs.
Work in shifts with efficient and accurate handover procedures.
Identify improvements in automation and investigation procedures.
Work with the Red team to identify gaps or weaknesses in security coverage.
Create threat hunting use cases through security research and threat intelligence.
Adhere to SLAs for security investigations.
The skills you bring:
A minimum of 5 to 12 years of experience working within a Security Operations Center /Managed Security Services environment.
Organization and project management skills, Good documentation skills, Positive can-do attitude.
Ability to work at odd hours and work constructively under pressure.
Worked across different cultures in a global setting and with many stakeholders.
Impeccable integrity and track record of working with sensitive information.
Technical Competences
Demonstrable experience with Incidence Response in leading public Clouds - Azure, AWS, GCP
Experience with Microsoft Azure Cloud - Azure Sentinel, Microsoft security stack, MS Graph API, Entra ID
Amazon Web Services (AWS) security tools such as Security Hub, AWS Guard Duty, AWS Macie, AWS CloudTrail
Google Cloud Platform (GCP) security tools such as Chronicle and Security Command Centre
Able to triage investigate email threats using platforms like Microsoft EOP, Trellix, Proofpoint
Working knowledge of `Security products like Endpoint Detection Response (EDR), Identity Threat Detection (ITDR) Response, Network Detection Response (NDR) from leading vendors like Trellix, CrowdStrike, MS Defender for Endpoint, Vectra
Experience in IT Security and risk management.
Security related certification like SANS GCIH, GCIA, GMON, GREM, CEH, CISSP, CHFI and Incident Response certification is an added advantage.
Full time