Cyber Security Analyst

• Monitoring and analyzing security alerts and events in real time to identify potential threats at an early stage.
•  Responding to security incidents
• Immediate initiation of measures to contain, investigate and resolve security incidents based on predefined and trained playbooks
•  Work closely with other members of the global Security Incident Response Team, IT teams and the Security Incident Manager to ensure a coordinated response to global threats.
• Documenting incidents, actions taken and outcomes for follow-up and continuous improvement (IT Security Incident Report)
• Use of XDR, SIEM and other monitoring tools to identify and evaluate security events and incidents.
• Perform an initial analysis of suspicious activity and security alerts to assess their severity and potential impact.
• Participate in forensic analysis of compromised systems and data to determine the root cause of security incidents and prevent future incidents.
• Participate in regular training and education to stay current on the latest security technologies, threats and response strategies.
• Contribute to the continuous improvement of incident response processes by sharing experiences and suggestions for optimizing playbooks and procedures.
• If required, support internal and external communication during a security incident to inform relevant stakeholders about the status of incident management.
• Participation in debriefings (post-mortem analyses) after a security incident to assess what worked well and where improvements are needed.

Experience: 

• 1-2 years of experience in IT security, with a focus on incident response, security monitoring, and threat analysis.
• Experience in operational security roles, preferably in a global or regional setup that includes a 24x7 monitoring or response team.

Technical Knowledge:

• Experience working with Microsoft Defender XDR and SIEM (Microsoft Sentinel) is an advantage.
• Knowledge of security incident response frameworks
• Proficiency with security tools such as SIEM (Security Information and Event Management), EDR (Endpoint Detection and Response), firewalls, anti-malware solutions and cloud security (Azure)
• Familiarity with malware analysis techniques, sandboxing, threat intelligence, and common attack techniques (e.g., phishing, ransomware)

 Certifications:

• Certifications like CySA or similar are an advantage.
• Cloud security certifications (Azure SC-200) are an advantage. o Forensics and Analysis ▪ Basic knowledge in digital forensics or log analysis, identifying indicators of compromise (IoCs). 
• Solid English communication skills (B2-C1), German (B1) are an advantage

Collaboration & Escalation:

• Effective teamwork skills, collaborating with other incident responders, security operations teams, and regional IT staff.
• Ability to escalate incidents appropriately and communicate technical details clearly to more senior incident managers or other stakeholders.
• Willingness to learn and stay updated on the latest security threats, technologies, and incident response best practices.