Cyber Incident Handling Analyst

1 month ago


Wiesbaden, Hessen, Deutschland SOS International LLC Full-time

Overview

SOS International LLC (SOSi) is seeking a Cyber Incident Handling Analyst to support our customer in Wiesbaden, Germany. The Cyber Incident Handler will analyze cyber-related events to detect and deter malicious actors using SIEM technologies, which correlate alerts and logs from multiple security tools.

Essential Job Duties

  • Work as a member of the Cyber Incident Response Operations Team to increase the security posture of the customer's network.
  • Monitor SIEM platforms for alerts, events, and rules providing insight into malicious activities and/or security posture violations.
  • Review intrusion detection system alerts for anomalies that may pose a threat to the customer's network.
  • Identify and investigate vulnerabilities, assess exploit potential, and suggest analytics for automation in the SIEM engines.
  • Report events through the incident handling process of creating incident tickets for deeper analysis and triage activities.
  • Coordinate and distribute directives, vulnerability notices, and threat advisories to identified consumers.
  • Issue triage steps to local touch labor organizations and Army units to mitigate or collect on-site data.
  • Perform post-intrusion analysis to determine shortfalls in the incident detection methods.
  • Develop unique queries and rules in the SIEM platforms to further detection for first line cyber defenders.
  • Monitor the status of the intrusion detection system for proper alert reporting and system status.
  • Respond to the higher headquarters on incidents and daily reports.
  • Provide daily updates to Defensive Cyber Operations staff on intrusion detection operation and trends of events causing incidents.
  • Prepare charts and diagrams to assist in metrics analysis and problem evaluation, and submit recommendations for data mining and analytical solutions.
  • Draft reports of vulnerabilities to increase customer situational awareness and improve the customer's cyber security posture.
  • Assist all sections of the Defensive Cyber Operations team as required in performing analysis and other duties as assigned.
  • May perform documentation and vetting of identified vulnerabilities for operational use.
  • May prepare and present technical reports and briefings.
  • Utilize a solid understanding of networking ports and protocols, their uses, and their potential misuses.

Minimum Requirements

  • An active, in-scope Top Secret/SCI clearance is required.
  • Bachelor's degree in a related discipline plus 3 years of experience, Associate's degree plus 7 years, major certification plus 7 years, or 11+ years of specialized experience.
  • Must meet DoD 8140 DCWF 531 requirements (B.S., GCFA, GCIA, CCSP, CEH, CFR, Cloud+, CySA+, GCED, GICSP, or PenTest+).
  • Must meet DoD 8140 DCWF 511 requirements (B.S., GCFA, GCIA, CFR, Cloud+, CySA+, GCED, or PenTest+).
  • Must obtain one of the following additional certifications within 90 days of employment (Cisco CyberOps Professional, GCED, GCFA, GCFE, GCIH, GNFA, DCITA CIRC, FIWE, or Offensive Security OSDA).
  • Must have a full, complete, and in-depth understanding of all aspects of Defensive Cyber Operations.
  • Must have a good breadth of knowledge of common ports and protocols of system and network services.
  • Experience with packet captures and network packet analysis.
  • Experience with intrusion detection systems such as Snort, Suricata, and/or Zeek.
  • Experience with SIEM systems such as Splunk and/or ArcSight.
  • Must have the demonstrated ability to communicate with a variety of stakeholders in a variety of formats.
  • Must be able to obtain certification as a Technical Expert by the German Government under the Technical Expert Status Accreditation (TESA) process.

Preferred Qualifications

  • Bachelor's degree in Engineering, Computer Science, or Mathematics.
  • Experience with writing Snort or Suricata IDS rules.
  • Experience with writing complex Splunk SPL queries to correlate lookup tables with event logs to identify anomalies.
  • Experience with analyzing packets using Arkime or Wireshark.
  • Experience with Microsoft Windows event IDs.
  • Experience with Linux audit log analysis.
  • Familiarity with Git and VS Code.
  • Experience with one or more scripting languages such as PowerShell, Bash, or Python.

Work Environment

  • Normal office conditions.
  • Potential to work on multiple shifts in a rotation schedule covering a 24/7/365 mission.
  • On site in Wiesbaden, Germany.

SOSi is an equal employment opportunity employer and affirmative action employer. All interested individuals will receive consideration and will not be discriminated against on the basis of race, color, religion, sex, national origin, disability, age, sexual orientation, gender identity, genetic information, or protected veteran status. SOSi takes affirmative action in support of its policy to advance diversity and inclusion of individuals who are minorities, women, protected veterans, and individuals with disabilities.
