IT Security Analyst (L1 and L2)

Join us and help us extend our Cyber Defence Centre in Prague, which serves B2B customers in the Czech Republic as well as abroad. Our SOC team is responsible for detecting and responding to cybersecurity incidents across a variety of infrastructures and for building international relationships with other SOC and CERT teams across the Deutsche Telekom group.

What we expect

SOC L1 and L2 specialists and experts in IT security monitoring and analysis, with expertise in evaluating suspicious IT security events and attacks. Experience with SIEM tool deployment and administration is an advantage.

We look for

A person with a university degree in an IT field and at least two years of experience in IT security or IT operations.

  • Basic or advanced knowledge of operating systems, databases and computer networks
  • Ability to code or script simple tasks (the programming language does not matter)
  • Communication in English is a must; Czech and German are appreciated
  • Experience with incident management and handling is appreciated
  • Experience with ArcSight or other SIEM tools is appreciated

SOC L1 Analyst

  • Continuous processing of alarms from the SOAR queue, prioritized by the severity of each alarm
  • Initial analysis (triage of the alarms)
  • Identification of obvious false positives
  • If necessary, assignment to already existing alarms
  • Processing of the alarms according to the customized playbooks
  • Result of alarm processing:
      • Identification as a false positive, or
      • Opening a security incident and assigning it to the customer’s ticketing system, or
      • Forwarding the alarm to the L2 layer for further analysis and, if necessary,
      • Feedback to SIEM Content Engineering for continuous improvement of the detection scenario
  • Delivering reports and KPIs
  • Responding to audit and regulator requests for information

SOC L2 Analyst

  • Extended analysis (following customized runbooks)
  • Addition of context-related information
  • Additional searches to classify the alarm
  • Requests for security information from the customer
  • Result of alarm processing:
      • Identification as a false positive, or
      • Opening a security incident and assigning it to the customer’s ticketing system, or
      • Passing the incident to the L3 layer for further analysis if necessary
  • Providing feedback to SIEM Content Engineering for continuous improvement of the detection scenario
  • Methodology support leading to the optimization and effectiveness of SOC processes

Hands-on experience with the following technology set is appreciated for both L1 and L2 Analysts:

  • Ticketing tools (preferably OTRS)
  • Microfocus ArcSight SIEM and Logger
  • Cisco / Sourcefire
  • CheckPoint FW
  • Threat Intelligence
  • Sentinel One Endpoint Security
  • Guardium DBAM
  • Rapid7 scanner
  • Linux & Windows

Place of work

Tomíčkova 2144/1, 148 00  Praha-Chodov, Česká republika

Field

IS/IT: Consulting, analysis and project management; IS/IT: Application and systems development

Employment type

Full-time