Distinguished Information Security Engineer – CDC Incident Response Team

Prague, Prague Capital City, Czech Republic | Global Business Services | Job ID 33581 | 29 June 2020

ABOUT THE ROLE:

Prepare and Rehearse 

Execute preparation and planning efforts within the DHL IT Services organization to respond to various security incident scenarios (internal and external). Plan, design, deploy and improve incident response ecosystem capabilities (people, processes and technologies) to respond efficiently and effectively to real and potential scenarios. Rehearse to ensure continuous high readiness.


Respond

Lead medium and major security Incident Response activities across the DPDHL organization, with the help of internal and external teams. Conduct in-depth digital forensics (network, host, memory) and malware analysis.


Hunt

Execute Cyber Threat hunt exercises. Manage a portfolio of hunt hypotheses, their execution and the delivery of outcomes. Develop adaptive capabilities that allow easy on-boarding and efficient execution of new threat hunt exercises, preparing the organizational response to “zero-day” threats, campaigns and vulnerabilities.


The Team / AsOne

The Cyber Defense Center Incident Response Team is part of an adaptive, integrated and intelligence-driven function which provides a range of predictive, prevention, detection and response services to DHL Group in relation to cyber-attacks. CDC IRT works closely with CDC 24/7 Monitoring and Engineering, CDC RedTeam (CSIRT), and Security Engineering teams.


What really matters!

Your KEY objective is to keep DHL IT operations running, by executing efficient and effective breach response capabilities and minimizing the impact of cyber incidents on DPDHL Group. Your MISSION is to shorten the time to detect a breach, the time to contain it, and the time to remediate and recover from it.


DPDHL Group must always emerge stronger from every cyber threat response rehearsal, from every medium and major security incident, and from every cyber threat hunt and readiness exercise.


YOUR WORK:

  •  Continuously develop the Incident Response practice (including reporting). Set high standards! Be a role model in practice execution and in incident response “fighting spirit” (dedication, persistence, continuous learning).

  •  Train and develop “Incident Responders” skills and mindset, across ITS teams. Be a knowledge sharing role model. People are our most critical “asset”!

  •  Execute preparation and planning efforts within the DHL IT Services organization to respond to various security incident scenarios. Provide regular reports on the matter.

  •  Research emerging Cyber Threats, prepare incident response plans, and “sharpen” people, process and technology.

  •  Lead (plan, organize, coordinate) medium and major security Incident Response efforts end-to-end across the DPDHL organization. Provide regular reports on incident response activities, next steps and lessons learned.

  •  Execute digital forensics (multi-platform and network), data acquisition and in-depth data analytics (host and network level).

  •  Execute memory forensics and targeted memory capture, ensuring data integrity and fidelity.

  •  Execute static and dynamic malware analysis and malware reversing.

  •  Execute Cyber Threat hunt exercises. Manage a portfolio of hunt hypotheses, their execution and the delivery of outcomes. Provide regular reports on the matter, propose improvements and own them.

  •  Develop adaptive capabilities that allow easy on-boarding and efficient execution of new threat hunt exercises, preparing organizational response readiness for “zero-day” threats, campaigns and vulnerabilities.

  •  Execute Security Architecture reviews and assessments of the security technology stack to continuously boost breach prevention and detection capabilities (SIEM, EPP, EDR, SEG, SEW, NGFW, NGIPS, AD/AAD, other).

  •  Create Indicators of Compromise (IOCs) in formats such as YARA, OpenIOC, and STIX.

  •  Support SIEM content development by proposing incident detection ideas and testing them.


YOU SHOULD HAVE:

  •  Passion for information security, a continuous learning mindset and a problem-solving attitude – be a role model for your fellow colleagues!

  •  Ability to cope with fast-changing situations, to keep calm and to stay focused during major incidents – again, be the role model for your fellow colleagues!

  •  Very good experience in Information Security Incident Response management practices (ISIRT/CSIRT) and in Crisis Management situations.

  •  Proficient experience in leading security incident response activities throughout their lifecycle (including reporting).

  •  Proficient experience in digital forensics (multi-platform, network, memory), data acquisition and in-depth data analytics (host and network level).

  •  Proficient experience in cyber threat modeling, identification, and assessment techniques.

  •  Very good experience in cyber threat hunt and red / blue team exercises. 

  •  Very good understanding of common cyber attack techniques and principles, e.g. MITM, the Cyber Kill Chain and the MITRE ATT&CK framework.

  •  Very good understanding of Security Information and Event Management (SIEM) platforms. 

  •  Very good understanding of Threat Intelligence Platform (TIP) and Incident Response Platform (IRP) concepts.

  •  Very good understanding of Intrusion Prevention Systems (IPS at host and network level) and Next Generation Firewall (NGFW) technology.

  •  Very good understanding of EndPoint Protection Platform (EPP) and EndPoint Detection and Response (EDR) solutions. 

  •  Very good understanding of the Information Security common body of knowledge (e.g. taxonomy used by ISC2, SANS, ISO 270xx).

  •  Proficient with programming languages (e.g. Python, Shell, PowerShell, C#) and system administration operations (to run a forensic lab, malware lab, honeypot network, other).

  •  Very good reporting skills. 


NICE TO HAVE:

  •  Good understanding of Continuous Improvement framework.

  •  Understanding of Project Management (PM) and IT Infrastructure Library framework (ITIL). 

  •  Understanding of Identity and Access Management (IAM), Web Application Security (WAS) and Cloud Security concepts.


WHAT WE OFFER:

  •  Great team of IT professionals and possibility of technical development

  •  Modern offices in Chodov

  •  Home office possibilities

  •  Permanent contract

  •  Company Car, Pension plan contribution, Long-term Sickness Insurance

  •  CAFETERIA employee benefit program with a wide selection of benefits from Edenred

  •  Extra week of holiday (25 days/year), 6 self-sickness days/year, full salary compensation for up to 10 days of absence due to illness per calendar year, lunch vouchers fully covered by the company

  •  Multisport card, mobile and laptop, fruit days, sport clubs for employees, referral program

Facts and figures

  • Working hours: 40

  • Business unit: DHL Information Services (Europe) s.r.o.

  • Travel required: less than 20%

  • Employment type: Permanent, full-time

  • Shift work: None

“Deutsche Post DHL offers me security, the chance to develop myself further, and the opportunity to work in almost any country in the world.”

Current employee – Senior Consultant in Bonn