Security Incident Analyst

NL - Onsite
This project has been archived and is not accepting more applications.

Description

We are looking for a Security Incident Analyst with a passion for investigating security events, broad knowledge of the operational security incident management process, and the ability to assign tasks to the teams in charge of resolving security incidents.

This knowledge and expertise must be combined with a hands-on mentality and the capability not only to design fit-for-purpose response procedures, but also to implement them, ensure their most efficient usage and continuously improve them.

The contractor will set up and improve the organization's security incident response processes and procedures and will be an active member of the teams resolving security incidents. These incidents might be reported by end users, the organization's MSSP, MSP, other business partners or services.

Furthermore, based on, among others, the analysis of security events, incidents, and input from business partners, service providers and other external sources, the analyst will contribute to and drive the improvement of the effectiveness and efficiency of the organization's detection capabilities and incident response processes and procedures.

In alignment with the IT Security & Risk department, the MSSP and the MSP, the analyst will monitor the efficiency of the response procedures and will drive their improvement. The analyst is also responsible for the maintenance of the governance documents, including, but not limited to, process and procedure descriptions. The analyst must also regularly report the status and performance of incident response processes and procedures, and the related service tickets, change requests and improvement activities. Additionally, the analyst will be in charge of ensuring that dashboards present key security & risk indicators.

The analyst is part of the Security Operations team, which also provides services in the security audit area. Moreover, the analyst will be involved in the planning and execution of incident response procedures and business continuity tests.

The successful candidate is required to be results-driven, to be able to work independently to a large extent, to be willing to take acceptable risks and, most of all, to be convinced of the benefits of teamwork.

The analyst will report directly to the Principal Information Security Officer DK.

Key Responsibilities

  • Fulfill the role of Security Incident Handler (Tiers 1 and 2): daily (Monday - Friday) analysis of events and incidents reported by employees, the organization's MSP and MSSP, business partners, service providers or tools like Heimdal Security, Hoxhunt and Microsoft 365 Security, acting on possible security incidents and driving mitigation actions.
  • Develop security incident response runbooks, processes and procedures (e.g. for phishing attacks, malware infections, broken IAM processes)
  • Modify security incident response runbooks, processes and procedures to ensure they reflect the new shared responsibility model, in which the organization's MSP has become an important stakeholder.
  • Contribute to the resolution of security incidents
  • Support the automation of security event processing
  • Maintain the Information Security/SOC Dashboard
  • Plan and manage Incident response procedure/Business Continuity/DR tests

Requirements (Knowledge & Experience)

  • Strong knowledge and experience in incident management, especially in analysing events and driving the resolution of security incidents
  • Several years of experience in an operational security function as part of a Security Operations Team
  • At minimum 3 years of work experience as an operational Security Analyst as part of a Security Operations Team
  • Excellent know-how of information security technologies
  • Ability to identify indicators of compromise, network attacks and systemic security issues as they relate to threats and vulnerabilities, with focus on recommendations for enhancements or remediation
  • Strong knowledge of technical aspects of operating systems, virtual environments, Cloud platforms and networking protocols
  • Expert knowledge in developing, maintaining, and operating Security Incident Response processes and procedures
  • Experience in working in/for a multinational biotech or pharmacological company
  • Capability to explain (complex) technical security issues in normal language to non-technical stakeholders
  • High level of proficiency in Microsoft Azure Sentinel and other portals provided by Microsoft, which play an important role in the Information Security monitoring landscape.
  • Very good communication skills in English

Requirements (Personality & Values)

  • You have a passion for information security and actively follow the newest developments in areas like incident management, security monitoring, security threats and the tooling used in those
  • You are determined to be the best in what you do.
  • You are a team player and able to represent the security team
  • Take ownership of tasks assigned to you and carry on until the task is completed
  • Be proactive, recognize opportunities, take initiative and action, and persevere until a meaningful change takes place.

Other

  • Availability: 3-5 days/week
  • Working remote

Start date: ASAP
Duration: 6 months, extension possible
From: The Talent Recruiters B.V.
Published at: 22.01.2022
Project ID: 2297858
Contract type: Freelance