
    Digital Forensics and Incident Response Specialist (Compromise Assessment & Rapid Response)

    Type of work: Full-time
    Experience: Mid
    Employment type: Permanent
    Operating mode: Hybrid
    ERGO Technology & Services

    ERGO Technology & Services harnesses the collective power of our IT experts to accelerate the digital transformation and growth of the ERGO Group.

    Tech stack

      English: B2 (advanced)
      Cybersecurity incident response: regular
      Digital Forensics: regular

    Job description

    Online interview

    About Us

    ERGO Technology & Services S.A. (ET&S S.A.) was established in January 2021 following the integration of ERGO Digital IT and Atena into one entity, leveraging both companies’ strengths and best practices. As a part of ERGO Technology & Services Management AG, the technology holding of ERGO Group AG, we support millions of internal and external customers with state-of-the-art IT solutions to everyday problems.


    In October 2022, ET&S S.A. expanded its scope of operations by creating a Business Services unit to contribute in a new way to the growth of ERGO’s business. Acting as a co-partner and internal consultant, it adds non-IT value and supports the development of the entire ERGO Group, currently offering skills in reporting, analysis, actuarial, and input management. We are committed to fostering innovation and meeting the evolving needs of our clients worldwide.


    Discover how we implement AI, IoT, Voice Recognition, Big Data science, advanced mobile solutions, and business-related services to anticipate and address our customers’ future needs.


    About the role


    We are looking for a skilled and motivated Digital Forensics, Incident Response and Threat Hunting Specialist. You will be part of the Threat Hunting and CA&RR (Compromise Assessment & Rapid Response) Team, using an APT (Advanced Persistent Threat) scanner and other security tools to support the ERGO Group in proactively identifying threats during threat hunting, conducting digital investigations, analysing security incidents, mitigating cyber risk and providing incident response recommendations.


    As part of the Global Incident Response Team, you will take part in incident investigations and cooperate with the global CSIRT (Computer Security Incident Response Team), CTI (Cyber Threat Intelligence) and SOC (Security Operations Center) teams. Where follow-up activities and evidence collection are needed, you will coordinate the work of the cross-functional teams involved.


    How you will get the job done


    • managing scans of the Compromise Assessment and Rapid Response (CA&RR) tool for customers across the ERGO Group
    • analysing findings from the CA&RR tools (e.g. backdoors, attacker tooling, system misconfigurations, forensic artifacts or other malicious activity)
    • developing rapid response playbooks
    • analysing malware samples
    • writing custom YARA and Sigma rules
    • running threat hunting iterations based on feeds delivered by the CTI Team and on research into recent campaigns, using EDR, the APT scanner and other security tools
    • developing and refining hypotheses to detect threats
    • providing detailed reports on threat hunting iterations against known threat actor groups
    • defining threat remediation strategies for customers across the ERGO Group
    • cooperating with technical teams such as the SOC, CTI and CSIRT


    Skills and experience you will need


    • fluent in English
    • proven experience in the IT security area
    • hands-on experience with hardware/software tools used in incident response, computer forensics, network security assessments
    • understanding of Windows internals and Active Directory environments
    • knowledge of Linux environment and Linux forensic skills
    • general understanding of computer networking concepts and protocols
    • basic understanding of scripting languages
    • strong understanding of the Cyber Kill Chain, MITRE ATT&CK Framework, and modern threat actor TTPs
    • basic understanding of Microsoft Defender EDR and Microsoft Sentinel, including writing KQL queries for threat hunting
    • ability to stay focused, keep calm and work under high stress
    • ability to communicate with technical and business stakeholders
    • willingness to work in a multinational and multicultural environment
    • strong teamwork culture, effective collaboration and cross-group partnership
    • an innovative, creative, passionate and independent mindset, motivated to make a difference and help reduce cyber risk for the ERGO Group


    Nice to have


    • Bachelor's or Master's degree in IT, Business IT, Computer Science or a similar field
    • certifications such as Security+, CySA+, CEH or equivalent


    Perks & Benefits

    Let's be healthy

    Medical package, sports card, and numerous sports sections – these are some of the benefits that help our employees stay in good shape.

    Let's be balanced

    Work-life balance is a key aspect of a healthy workplace. We offer our employees flexible working hours, a confidential employee assistance program, as well as the possibility of remote working. However, with our in-office gaming room and dog-friendly office in Warsaw, staying at home won't be easy.

    Let's be smart

    We organize numerous workshops and training courses. Thanks to hackathons and meetups, our specialists share their expertise with others. Additionally, we have a wide range of digital learning platforms and language courses.

    Let's be responsible

    Each year, we participate in several CSR activities, during which, together with our colleagues, we do our best to create a better future.

    Let's be fun

    Company-wide bike races and soccer matches, film marathons in our cinema room or other engaging team-building activities: we've got it covered!

    Let's be diverse

    Every team member is valued, regardless of gender, nationality, religious beliefs, disability, age, and sexual orientation or identity. Your qualifications, experience, and mindset are our greatest benefit!

    Undisclosed Salary
