IT Security Engineer (Cyber Incident Response and Threat Hunting)

Your area of work:

Cyber Emergency Response Team (CERT) is the central unit for Information Security Incident Response, Threat Hunting and Adversary Simulation capabilities. CERT performs his activities in strict cooperation with the Security Operation Center (SOC) and Cyber Analytics team, responsible for Cyber Threat Detection development and Intel analysis.

Your responsibilities:

DBG CERT is looking for a highly motivated and curious Incident Response Engineer with experience in the identification, containment and mitigation of IS incidents. You will be involved in all stages of IS Incident Response as well as in the Threat Hunting program. You’re also expected to support the SOAR task force to automate detection and remediation and help us build the next generation of security operations and response platform within the Cyber Defense section.

Lead cyber security incident response engagements covering incident handling and coordination, in-depth technical analysis, and investigation through to recovery

Develop IR initiatives that improve our capabilities to effectively respond and remediate security incidents (e.g. defining SIEM use-cases, identifying threat hunting hypothesis, promoting red-teaming activities, etc.)

Perform analysis of logs from a variety of sources (on-premises and cloud-based) identifying potential threats

Perform root cause analysis and drive implementation of containment and mitigation strategies

Perform post incident lessons learned, root cause analysis and incident reporting

Participate in Blue/Red teams exercise to test and improve our monitoring and response capabilities.

Build automation for response and remediation of malicious activity

Recommend security measures to address cyber threats identified in a proactive-based approach

Help to improve the CERT process excellence by maintaining information security documentation in line with regulatory requirements

Your profile:

Previous experience in a CERT or SOC team as well as involvement in IS Incident investigations

Knowledge of cyber threats and vulnerabilities: how to properly identify, triage, and remediate threats based on threat intelligence as well as on analysis of security events, log data and network traffic

Expert working knowledge of technical and organizational aspects of information security, e.g., through prior defensive or offensive work experience

Solid understanding of cyber threats and MITRE ATT&CK framework

Deliverable-oriented, with strong problem-solving skills and adaptation on complex and highly regulated environment

Team player willing to cooperate with multiple colleagues across office locations in a cross-cultural environment

Good report-writing skills to present the findings of investigations

Available during the working hours (Mo-Fr) + on-call duty

Fluent in spoken and written English, including security terminology; proficiency in German is a plus

Strong assets:

Background in Malware Analysis, Digital Forensics and/or Cyber Threat Intelligence

Experience in Threat Hunting including the ability to leverage intelligence data to proactively identify and iteratively investigates suspicious behaviour across networks and systems

Development of automation of various CERT/SOC processes via SOAR solution

Development (e.g. Python, Shell scripting)

Cloud Security expertise (primarily GCP and Azure)

Vulnerability Handling / Management

Relevant Industry Certifications such as SANS/GIAC (e.g., GCIA, GCIH, GNFA, GCFA), CompTIA (Security+, Cloud+, PenTest+), OSCP, eLearnSecurity are desirable.