Responsibilities:

Incident Response:

• Perform complex cyber security incidents investigation, analysis and drive remediations
• Provide IOCs from incident analysis to monitoring team
• Provide after-incident recomendations
• Advise team members and local teams in handling security incidents
• On call duty (One week every 6 weeks on average)

Security tools management:

• Suggest improvements on detection capabilities on security tools like EDR, AV, NDR, SIEM
• Develop and review exceptions for security tools
• Support team and local units with security tools configuration and troubleshooting
• Ensure that security monitoring tools have proper rules applied to detect known threats
• Provide expertise on OT systems management (in addition)
• Support team in deployment of necessary security tools in the infrastructure
• Contribute to the development of operating capabilities of the team members
• Advise on mitigation of vulnerabilities with potential hight impact on infrastructure

Requirements:

• Essential understanding of all below knowledge domains with deep understanding of at least 4 of them:
•   - Windows/AD Administration
•   - Linux Administration
•   - Networking
•   - Security Monitoring
•   - Vulnerability management
•   - Forensics & Incident Response
• Good knowledge and strong interest in IT Security (best-practices, standards, technology)
• A proven experience in handling security incidents in complex environment
• A proven experience of working with security tools like AV, EDR, SIEM, NDR
• Quick learner with strong time management skills
• Able to work in multi stakeholder environment 
• Able to automate repetitive or complex tasks 
• Strong troubleshooting skills and good attention to details
• Curiosity and ability to learn
• Knowledge of one or several additional IT Security tools (Qradar SIEM, SentinelOne EDR, Darktrace NDR, Tenable.sc or Tenable.io) - nice to have.