Monitor, close out and improve security deviations on different IT Services (Public Cloud, MBSS, network…)
Support, coordinate and improve the Endpoint protection service (specifically on alerts & events, footprint monitoring and incident oversight and escalation management)
Fine tune the alerts and thresholds defined on the different IT Security Tools.
Improve and define SIEM use cases, log management policies and sources follow-up, alerts and thresholds, in order to leverage them within real time event monitoring activities or for future exploitation and usage.
Support incident investigations by providing deep technical expertise in attacker behaviors, telemetry analysis, and log correlation.
Monitor, close out, maintain and improve different detection services as part of regular cyber security operations (CTI, threat hunting, leaked credentials, look-alike domains, phishing alerts…)
Support business divestments and acquisitions from a security standpoint, so that new entities comply with Holcim’s standards and risks are minimized in businesses to be sold.
Analyze and tune existing alerts and detection logic to reduce noise and improve operational efficiency.
Maintain and improve Holcim’s knowledge base, to ensure continuous monitoring and deployment of cyber security controls and mechanisms.
Work closely with the Protect and Respond cyber security teams to ensure that the standards and configurations in place are well understood, that the right detection capabilities are in place in case of a significant breach, and that the Respond area receives all required support in a crisis situation.
Requirements
University degree in the field of computer science, engineering, or a related field to support IT and cyber security advice.
At least one cyber security certification from ISACA, ISC2, SANS Institute or equivalent.
5+ years of experience in cybersecurity, with a strong focus on detection engineering, security operations, or threat detection.
Candidates with a Master’s degree in cybersecurity or experience working in a SOC would have an advantage.
Hands-on experience working with the Google SecOps SIEM/SOAR platform.
Experience developing detections using SentinelOne EDR/XDR platform.
Strong understanding of attacker techniques and adversary behaviors, including familiarity with the MITRE ATT&CK framework.
Experience analyzing endpoint, network, cloud, and identity telemetry.
Experience with the security monitoring methodologies and tools of the AWS and GCP cloud providers.
Experience using incident handling methodologies.
Understanding of adversarial behavior, malware basics, system and network events and administration.
Experience with scripting or programming (e.g., Python, PowerShell, Bash) for automation and detection development.
High level of ethics, values and personal integrity, and the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity.
Excellent written, oral and interpersonal communication skills in English.
Effective in a variety of communication settings (one-on-one, small and large groups, or among diverse styles and position levels).
Attentively listens to others.
Be a team player.
Extensive experience working in a team-oriented and collaborative environment.
Preference to have worked in a global environment and with virtual teams.
Tech Stack
AWS
Cloud
Cyber Security
Google Cloud Platform
Python
Benefits
Value inclusion within your day-to-day responsibilities by respecting others’ perspectives and convictions, engaging others’ opinions, and creating a safe environment where people, ideas and opinions are valued within the team, by “internal” customers and by external partners.
Respect and take into consideration diversity by valuing different world views, challenges and cultures that represent all walks of life and all backgrounds.