IT Security Analyst (SOC)
Schenker Technology Center (Warsaw)
We are a team of technology lovers who deliver top-quality digital solutions for DB Schenker - a global logistics market leader. 85% of our projects are focused strictly on development, and only a minority relate to maintenance. Joining us, you will deal with matters that already shape the logistics industry's future and challenge the existing status quo. Chatbots, IoT, RPA, and Blockchain are just a few examples. You will have a chance to work with a diverse technology stack and discover our unique Agile approach to the development process.
Tech stack
Network Security
SIEM
Cybersecurity
IT Security
Job description
The Operational Security Team is responsible for monitoring, managing and improving the global security profile of Schenker.
This is done via two functional team. The teams are divided generally into Tier 1 and Tier 2 but from a practical perspective, there is significant overlap of responsibilities as Tier 1 analysts transition to Tier 2.
Tier 1 Security Analysts are dedicated to monitoring, alerting, response and prioritization of potential security incidents. Monitoring for Tier 1 includes but is not limited to MS ATP, zScaler, ServiceNow ticket queue, Azure security portal and MS Exchange security portal. It is also expected that Tier 1 security analysts will, as they transition to Tier 2, develop a specific subset of professional security skills which include, but are not limited to Threat Hunting, Vulnerability Management, Forensic Investigations, Incident Handling, Edge Security profile management, Endpoint Threat Analysis and Global security subject matter expert (SME).
As a security professional on this team, you are part of a global distributed team responsible for the monitoring, administration and operation of multiple security monitoring and reporting platforms and the components therein that secure the day to day business activities of 60 000+ users worldwide.
The Operational Security Team belongs to the Common Infrastructure Services, which is part of the Global Infrastructure Services (GIS) department. It operates in a follow-the-sun 24x7 availability, and that means that some work might need to happen during weekends, and on rare occasions also outside from office working hours.
Key tasks & responsibilities:
• Performs network security monitoring and incident response for a large organization, coordinates with Tier 1 colleagues and with Tier 2 to record, prioritize and initiate incident tickets.
• Maintains records of security monitoring and incident response activities, utilizing case management and ticketing technologies.
• Monitors and analyzes Security Information and Event Management (SIEM) to identify security issues for remediation.
• Recognizes potential, successful, and unsuccessful intrusion attempts and compromises thorough reviews and analyses of relevant event detail and summary information
• Communicates alerts regarding intrusions and compromises to their network infrastructure, applications and operating systems. Consolidates and conducts comprehensive analysis of threat data obtained from classified, proprietary, and open source resources to provide indication and warnings of impending attacks against unclassified and classified networks.
• Recommend changes to Standard Operating Procedures and other similar documentation.
• Generates end-of-shift reports for documentation and knowledge transfer to subsequent analysts on duty.
• Monitors and analyzes Security Information and Event Management (SIEM) to find security issues for remediation. Creates Security Information Event Management (SIEM) tool rules.
Requirements:
• 3 + years of related experience in information technology and/or information security preferred
• Rooted interest and passion for information security is a plus
• Essential administrative knowledge of Windows and Linux operating systems
• General understanding of these areas is a plus: Active Directory/Entra, Azure/AWS/GCP, network administration
• An understanding of Cyber Security Incident Response and Network Security Monitoring
• Fundamental understanding of computer networking TCP/IP
• Some knowledge of Windows, Linux and operating systems and information security
• Some knowledge of Intrusion Detection Systems IDS and SIEM technologies; Splunk or ELK, Antivirus, Firewalls, ZScaler, Endpoint Security and Cisco Sourcefire and similar tools preferred.
• SOC Tier 1 Analyst must be willing to work in a 24x7x365 Security Operations Center environment. Including Holidays.
• Knowledge of creating Security Information Event Management (SIEM) tool rules.
• Good analytical and problem solving skills
• Effective interpersonal skills to interact with team members, management, and SOC stakeholders
• Ability to think outside of the box when the need arises a plus.
• University degree in related technical/business areas or equivalent work experience
• Some experience in working according to professional processes in the area of ITSM and knowledge of the processes of service management (ITIL).
• Some experience in working in international teams a plus.
• Fluent in English language, both written and spoken.
• Relevant Security Certifications would be a plus.
• Strong aptitude for problem-solving and effective troubleshooting abilities.
• Proficient in customer service skills and adept at engaging with clients, staff, and management teams.