Enterprise Threat Management and Security Architecture (ETMSA) Engineer
As a member of the ETMSA team, you will play a critical role in handling cybersecurity threats and incidents across the organization. Your responsibilities will span every phase of the incident response lifecycle, working closely with a global team of incident responders.
You will apply your expertise in cyber defense, digital forensics, log analysis, and intrusion analysis to security incidents across our endpoints, network, and cloud infrastructure. Your primary focus will be on preventing, detecting, responding to, and remediating security issues using technologies such as Next-Generation Firewalls (NGFW), Endpoint Detection and Response (EDR), Intrusion Detection/Prevention Systems (IDS/IPS), and Data Loss Prevention (DLP).
Beyond technical skills, the ability to communicate clearly and work effectively with stakeholders across diverse global settings is essential.
Responsibilities:
- Work closely with the Director to support all phases of incident response
- Contribute to projects aimed at enhancing the organization's security posture
Preparation:
- Understand and comply with diverse regulatory and compliance requirements
- Participate in self-assessment exercises to ensure the effectiveness of incident response processes
- Develop incident response runbooks, playbooks, and Standard Operating Procedures (SOPs) aligned with regulatory guidelines
- Evaluate the readiness of people, processes, and technologies for incident response
Detection & Analysis:
- Investigate and respond to cybersecurity incidents escalated from various channels
- Analyze security threats; assess their risk, impact, and scope; and conduct in-depth incident analysis using a variety of data sources (endpoint, network, cloud, and application logs)
Containment, Eradication, and Recovery:
- Provide guidance to stakeholders on containing and eradicating security incidents
- Conduct root cause analysis to identify the initial point of compromise and the extent of malicious activity
- Document investigative findings and present them to stakeholders for high-profile events
Post-Incident Activities:
- Conduct lessons learned sessions with stakeholders
- Oversee follow-up actions and document incidents in the case management system
- Produce incident reports summarizing key details
You should always be prepared to respond swiftly to security incidents, including outside normal working hours when required.
Requirements:
- Minimum of 5 years of experience in the Cyber Security industry
- Strong technical and analytical capabilities
- Proficiency in cyber security incident response processes
- Familiarity with AI tools for automating security tasks
- Hands-on experience in incident response activities
- Scripting skills (e.g., Bash, PowerShell, Python) for incident response in various environments
- Knowledge of cybersecurity tools like NGFW, EDR, IDS/IPS, SIEM, etc.
- Understanding of MITRE ATT&CK Framework and Cyber Kill Chain
- Enthusiasm for exploring new technologies and enhancing team capabilities
- Cloud certifications (Azure, AWS) or security certifications such as CISSP or GCIH are a plus
- Awareness of regulatory and compliance requirements such as GDPR, MAS (Monetary Authority of Singapore) guidelines, and PSD2 is an advantage
Preferably:
- Quick learner with a proactive attitude
- Strong team player with excellent collaboration skills
- Eager to learn and committed to adding value
- Embraces ownership, accountability, and prioritization
- Comfortable managing incidents and engaging with senior stakeholders
- Business acumen in critical decision-making
