Acronis is a global cloud service provider, managing multiple datacenters with petabytes of data. Security Operations Team is a global team working on real-time monitoring and protection of all Acronis assets. You would be part of Security Operations Team identifying threats (through log analysis), responding to cyber incidents (attacks attempts, internal policy violations, etc.) and working with other teams on constant improvement of cyber security capabilities of Acronis.
- Respond to security incidents and perform digital investigations.
Analyse, normalize and correlate various log sources to identify abnormal and/or malicious behaviour through our big data SIEM.
Monitor, respond and fine-tune alerts generated on our big-data SIEM by security systems (AV, NIDS, HIDS, EDR, etc).
Actively hunt for attackers and search for indicators of compromise by external attackers, or internal Red Team and define new detection rules or improve existing ones.
Define IOCs based on past attacks and external threat intelligence feeds.
Develop and leverage the Threat Intelligence Platform. Develop Tactical and Operational Intelligence.
Investigate malware activity and define related IOCs or contextual detection rules. Write and maintain Security Operations playbooks and standard operating procedures.
Participate in evaluation, implementation, improvement, and troubleshooting of security tools in the portfolio.
- Skills Required:
2 years of experience in Intrusion Detection, DFIR and/or Threat Hunting.
Good understanding of TTPs and the ATT&CK Framework.
In-depth knowledge of how operating systems operate and how to detect malicious activity.
Excellent understanding of network and security protocols, demonstrated ability to detect attacks by analysing network traffic.
Experience with Linux and Windows computer forensics and memory analysis.
Experience integrating a Threat Intelligence Platform.
Programming experience in Python, Shell scripting or other languages.
English working proficiency (written and spoken).
Available to work on-call and on occasional overtime (weekends, sale campaigns, etc.).
Passionate, curious, eager to learn. Focused, result oriented, positive and constructive.
Familiar with Big Data environment and Query languages
Log management and SIEM experience
Malware analysis and Reverse-engineering experience.
Penetration testing / red-team experience.
Relevant security-related certification such as GNFA, GCTI, GREM, OSCP, OSCE, GCIA, GCIH, GCFE, GCFA, GREM, GMON, GCUX, GCWN2