Senior Cyber Security Analyst - Security Information and Event Management System Engineer, SCSA (SIEM)
SIEM is an important part of the organisation’s cyber security ecosystem. The SCSA’s role is to help the organisation fight cyber threats by evolving and expanding the SIEM capabilities within the boundaries of the Paysera group, and practically apply expert knowledge on detection, assessment, reaction, and control of operations conducted to stop and/or prevent cyber incidents that come from inside and outside of the organisation. SIEM is one of the most important threat detection and security problem escalation points within the organisation. The SCSA reports to the organisation’s Chief information security officer (CISO).
You will be responsible for:
- taking a lead role in planning, executing, and maintaining SIEM projects, managing the SIEM roadmap;
- building SIEM capabilities by integrating various technological solutions, integrating the assets that allow to collect, aggregate, store, analyse, interpret, and graphically demonstrate security information and events data;
- building, acquiring, and integrating a variety of fresh and credible information and data flows that feed the SIEM system;
- preparing and maintaining governance documents around SIEM controls, content, and performance;
- analysing SIEM data in order to detect cyber threats, conduct cyber threat intelligence, and cyber threat hunting;
- acquiring, managing, and integrating Indicators of Compromise (IOCs) within the organisation’s security systems;
- leading reactive or preventive cyber security operations;
- actively participating in incident handling and business continuity events, incident investigations, evidence collection, and forensics;
- assessing and critiquing system security plans, network diagrams, security documentation as part of vulnerability assessment or remediation engagements;
- providing support to the teams who run penetration tests, consulting the organisation’s software development, networking, coding, and security staff by sharing expert knowledge.
We expect you to have intrinsic motivation and have:
- desire to take leadership as a process owner;
- the ability to organise the workflow in the assigned area and prioritise tasks;
- a strong analytical mind, be detail oriented;
- a degree in a related field such as Software Engineering, Math, Computer Science, IT, or Cyber-Security;
- around 5 years of relevant hands-on working experience with security operations, incident analysis, incident handling, vulnerability management, log analysis, and intrusion detection;
- around 3 years relevant hands-on working experience with SIEM solutions;
- the ability to develop scripts and to simplify data parsing, collection, and other laborious tasks that are necessary for the integration of logs sources and data feeds;
- experience with collecting, analysing, and interpreting qualitative and quantitative data from multiple sources;
- in depth experience with the leading SIEM technologies such as ArcSight, QRadar, Nitro, NetWitness or Splunk, IDS/IPS, firewalls, user and network behavioural analysis, monitoring tools such as Nagios, SolarWinds, etc., familiarity with open source SIEM solutions such as AlienVault OSSIM, Wazuh;
- in depth understanding of network probing and scanning, DDoS, malware behaviour, abnormal activities, such as worms, trojans, and viruses;
- strong fundamental knowledge and understanding of current security vulnerabilities, attack vectors, industry technologies, trends and techniques, hacking tactics, techniques, and behaviour, APT, covert channels, egress and data exfiltration techniques;
- experience with SIEM content creation, dashboard development and reporting;
- extensive knowledge of network segregation, networking protocols, TCP/IP stack, system architecture, operating systems, web applications, access controls, IDS/IPS technologies, cryptography;
- an understanding of propagation of malware in enterprise environments, web based exploit kits and the methods used, APT and targeted malware, malware mitigation controls in an enterprise environment;
- familiarity with the CVSS vulnerability scoring system;
- basic to medium knowledge of penetration techniques and digital forensics;
- certification in one or more of the following: GIAC, CISSP, CISM, CCSE, CISA, HBSS, NSA, CEH, Cisco Security, Security +, or other comparable security certifications or acknowledged courses.
- team oriented values, be supportive and committed to excellence, and possess a high level of initiative and self-motivation, committed to continual personal and professional growth, possess a proactive approach.
It is worth being a Paysera employee because of:
- in each case salary is agreed individually taking into account the candidate's competence;
- flexible working hours;
- accident insurance;
- internal and external training and learning courses and conferences;
- perfect time with perfect colleagues – table football (foosball), games nights and various team building events, We_are_Paysera;
- electric scooters which can be used for work/ leisure;
- free drinks and healthy snacks.
If you would like to join our team, please send your CV with the subject "Senior Cyber Security Analyst" to the email address email@example.com. Only selected candidates will be contacted, but we are grateful to all who send their CV.
In compliance with the legislation, we would like to indicate that for the present position we are willing to offer a monthly salary from 1600 to 3000 EUR gross. The exact amount depends on the experience, education, and competences of the future employee and acquisition of the established goals (if applicable).