IT Security – SOC L1 Analyst

Join us and help us extend our Cyber Defence Centre located in Prague, intended for B2B customers in the Czech Republic as well as abroad. Our SOC team is responsible for the detection of and response to cybersecurity incidents in various infrastructures, and for building international relationships with other SOC and CERT teams across the Deutsche Telekom group.

What we expect

SOC L1 specialists in IT security monitoring and analysis, with expertise in evaluating suspicious IT security events and attacks. Experience with SIEM tool operation and deployment is an advantage.

We look for

A person with a university degree in an IT field, or at least two years of experience in IT security or IT operations.

  • Basic knowledge of operating systems, databases and computer networks
  • Ability to code or script simple tasks (the programming language does not matter)
  • Communication in English and Czech is a must; German is appreciated
  • Experience with OTRS or another open source ticketing tool is appreciated
  • Experience with incident management and handling is appreciated
  • Experience with ArcSight or other SIEM tools is appreciated

SOC L1 Analyst

  • Continuous processing of alarms from the SOAR queue, prioritized by the severity of each alarm
  • Initial analysis (triage of the alarms)
  • Identification of obvious false positives
  • If necessary, assignment to already existing alarms
  • Processing of the alarms according to the customized playbooks
  • Result of alarm processing:
      • Identification as a false positive, or
      • Opening a security incident and assigning it to the customer’s ticketing system, or
      • Forwarding the alarm to the L2 layer for further analysis and, if necessary,
      • Feedback to SIEM Content Engineering for continuous improvement of the detection scenario
  • Deliver reports and KPIs
  • Respond to audit and regulator requests for information

Hands-on experience with the following technology set is appreciated:

  • Ticketing tools (preferably OTRS)
  • Micro Focus ArcSight SIEM and Logger
  • Cisco / Sourcefire
  • Check Point FW
  • Threat Intelligence
  • SentinelOne Endpoint Security
  • Guardium DBAM
  • Rapid7 scanner
  • Linux & Windows

Workplace

Tomíčkova 2144/1, 148 00 Praha-Chodov, Czech Republic

Field

IS/IT: Systems and HW administration, IS/IT: Application and systems development, Telecommunications

Employment type

Full-time