Cyber Security Incident Responder Analyst
GSS provides shared services to the Group companies, with Head Office in Italy and branches in 5 European countries, a total staff of about 1.000 people.
Within the Chief Security Office Division, GSS CERT is responsible for responding to (containing and mitigating) security events and incidents detected by the SOC and the CTI Team.
For GSS CERT, we are looking for a Cyber Incident Responder and Threat Hunter, who will work in a team of both Junior and Senior Incident Responders and Threat Analysts and work closely with the SOC (Security Operations Center).
His/Her main mission will be to perform advanced threat hunting and to respond to cyber security incidents.
Duties will include investigating computer and information security incidents to determine the extent of compromise to information and automated information systems; providing computer forensics and intrusion support to high technology investigations in the form of computer evidence seizure, computer forensic analysis, data recovery, and network assessments; and researching and maintaining proficiency in tools, techniques, countermeasures, and trends in computer network vulnerabilities, data hiding, network security and encryption.
In addition, the GSS CERT will lead and mentor other SOC Analysts, drive SIEM Use Cases to improve detection, and communicate with executive leadership regarding matters of significant importance (fraud, privacy, GDPR, data breach).
The ideal candidate will meet the following requirements:
- Bachelor's Degree in Computer Science, Engineering, Information Technology, Cyber Security, or related field and 6+ years of prior relevant experience at least in two of the following areas: incident detection and response, threat hunting, malware analysis and reverse engineering or cyber forensics
- In case the candidate does not hold a degree, 12+ years of prior relevant experience in the areas of incident detection and response, threat hunting, malware analysis, reverse engineering or cyber forensics
- Relevant experience in performing both network and device forensics in most of the technologies listed above is required. Experience in software reverse engineering for malware analysis (static and dynamic) is required. As malware analyst and reverse engineer, the incident responder analyst will represent the technical elite: during an incident, if required, he/she will apply his/her ability to look deep inside malicious software to understand the nature of the threat, how it got in, what flaw it exploited, what it is trying to do or has done, and how to contain it and mitigate it to avoid future incidents. Outside of incident scenarios, the analyst will test and improve his/her skills in the dedicated CyberLAB
- A good level of experience in software development (for the CyberLAB: bash, C/C++, Python and PowerShell) would definitely be a plus. Knowledge of other scripting languages is a plus
- Ability to produce clear and concise reports and documents; knowledge of the MS Office package is therefore required
- Strong understanding of the security implications and investigation methods for the most common IT components: network infrastructure (routing, switching and firewalls), security infrastructure (IPS, WAF, AV), operating systems (Linux/UNIX and Microsoft Windows, client and server), core infrastructures (Active Directory, Exchange, DNS, DHCP), and full-stack web services infrastructure and the technologies involved (front-end to back-end). Ability to analyse network captures and knowledge of TCP/IP and network protocols
- Knowledge of main SIEMs in the market (ArcSight, QRadar, Splunk, LogRhythm)
- Skills in mobile technologies would be a plus (Android, iOS and Windows Mobile but also the GSM protocols and typical applications).
- SANS GIAC: GCED, GCIA, GCFA, GPEN, GWAPT, GCFE, GREM, GXPN, GMON or GCIH
- ISC2: CCFP, CCSP, CISSP CERT CSIH
- EC Council: CHFI, LPT, ECSA
- Offensive Security: OSCP, OSCE, OSWP and OSEE
- EnCase: EnCE
- Advanced problem solving and analytical skills
- Great attention to privacy and confidentiality
- Ability to work in multicultural contexts and to deal with different scenarios
- Fluent English (at least B2). Another European language is a plus
- Managerial skills: commitment, prioritization and sense of urgency. Ability to synthesize
- Good relational and communication skills
- Proactivity, high energy and enthusiasm, with a "hands-on" approach, resilience
- Ability to work effectively as part of a team, sharing tasks and knowledge.