Lead Security Analyst (Hybrid setup)

Join a team of cybersecurity professionals and help Swiss Re to fulfil its mission in making the world more resilient. As a Lead Cybersecurity Analyst, you'll be monitoring current threats by analysing and handling major cyber incidents, implementing standards, and mentoring less experienced analysts. What's more, you'll be working in a hybrid setup, balancing work from home and the office premises.

About the team

Cyber Defence team is responsible for keeping the company safe – by going above and beyond in terms of preciseness and diligence. As part of the Security Team, Cyber Defence is responsible for maintaining security operations, focused on delivering high-quality detection monitoring and response solutions. We're looking for an experienced cybersecurity leader who'll use their creative thinking to manage the production of detection content, investigation of incidents, and help us to improve our incident response techniques.

In your role, you will…

• Proactively identify and respond to cyber threats
• Implement and ensure appropriate standards
• Mentor team members
• Craft detection content
• Prioritise triage events
• Improve existing detection content and playbooks
• Ensure in-time incident response
• Perform on-duty/ on- call support
• Handle major security incidents
• Understand the environment and applications
• Analyse and document incidents

About you

Nobody is perfect and meets 100% of our requirements. If you, however, meet some of the criteria below and are curious about the world of threat analysis and detection, we'll be more than happy to meet you!

• 5+ years or work experience in cyber security as an analyst or incident responder (in a SOC/CSIRT setup, preferably)
• In-depth knowledge of current threat landscape, offensive tooling, and OWASP and MITRE ATT&CK® techniques
• Technical writing skills to present complex topics to non-technical audiences
• Excellent oral and written communication skills (English)
• Malware and exploit analysis (or reverse engineering)
• This position may require participation in on-call rotations to address urgent matters outside of regular working hours.

Your additional experience should include

• Developing hypothesis-driven threat hunts
• Analysing various events, including but not limited to web traffic, underlying network protocols, malware, lateral movement TTPs (techniques, tactics, and procedures), or Microsoft and Linux security events
• Logfile correlation and analysis
• System and memory analysis
• Chain of custody and forensic acquisitions
• Major incident response or breach investigation management

Nice-to-have

• Experience developing in Python, Kusto, or any other scripting language
• Experience with Azure or Amazon AWS

#Li-hybrid