Threat Expert

Job Function: Business IT The role:
**Role Description**:
Threat Expert (L3) position at SoftwareOne represents a key role in resolving complex security incident issues. SoftwareOne Security Services enable highly effective and cost-efficient security solutions that help our customers maximize software portfolio investments.

**The main responsibilities**:

- Monitor SIEM Notables and analyze system logs, and other data sources to identify potential security incidents.
- Investigate alerts and suspicious activity to determine if an incident has occurred.
- Contain affected systems and networks to prevent the incident from spreading.
- Implement temporary measures to mitigate the impact of the incident.
- Work with other teams, such as IT and Cloud, security operations, to develop and implement a containment strategy.
- Going through the whole incident response process starting with preparation and ending with lessons learned and writing a report, obtaining evidences in collaboration with users and sysadmins, Network Admins, Cloud Admins, performing malware analysis, performing forensic analysis on demand, educating users about threats and incident causes.
- Analyze incident data to determine the root cause of the incident and identify recommendations for improvement.
- Document and report incidents to all the other relevant stakeholders.
- Develop and implement security plans, policies, and training to prepare the organization to respond efficiently and effectively to cyber threats.
- Develop, revise and maintain Alert Response Procedures (ARPs) and Standard Operating Procedures (SOPs) and Working Instructions of the CDC to the high standards and support/train Level 1 / Level 2 Analysts.

What we need to see from you:
**Skillset**:

- Minimum 8+ years of experience working in a Security Operation Centre monitoring, detecting, triaging and supporting security solutions
- Strong experience in one or more security technologies.
- Have a good understanding of ticket management and service requests. Awareness and expertise of using any Enterprise Ticketing system
- Have a good understanding of Security Operations and Service Delivery.
- Exposure to ISO 27001, PCI related certification and compliance practices.
- ITIL processes in supporting Security Solutions and Service Delivery.
- Demonstrate ability to work independently while handling multiple client incidents, problems or projects.
- Ability to adapt, follow and evolve the processes and guidelines for Security Operations.
- Possess an impeccable work ethic and a high degree of integrity.
- Experience in a Security Operation Center environment is required.

**Qualification**:

- Engineering Degree in Computer Science or Technical Degree with certifications in Information Technology or Information Security.
- Cisco certifications such as CCNA.
- Microsoft certifications such as MCSA, MS-100, MS-101 and MS-500.
- Technical Certifications in TrendMicro, FireEye, Proofpoint, Qualys, Cisco, Cloud Raxak, KnowBe4, Splunk, CyberArk, Okta, Digital Guardian, McAfee CASB Security.
- Products Preferred.
- Expert use of MS Office Suite.
- ITIL Foundation Level certified (desirable).

**Behavioral Skills**
- Communication skills
- Tact and diplomacy.
- Teamwork.
- Trustworthiness and discretion.
- Problem solving.
- Ability to cope with stress.
- Organizational skills.
- Willing to work in 24x7 shifts

**This is what makes us special as an employer**:

- Come as you are: Wear what you feel comfortable in, not just while working from home
- President’s Club: Exclusive recognition awarded by leadership and your peers.
- Flexible work: Do great work from anywhere, deliver excellence everywhere.
- Employee Exchange Program: Experience new colleagues and cultures around the world.
- Incentive programs: SWOmies award bonuses to colleagues who go above and beyond.
- Lifelong education: We pay for your new skills with tuition reimbursement.
- Employee stock option programs (SIX: SWON): Be an owner. All employees can be shareholders.
- Hire to Grow: We optimize our internal structures and feedback culture constantly to be your Employer of Choice, today and in future.

**You need some more information?**

**You know someone who could be interested in working with us as well?**

**Any questions? E-meet me**

Why SoftwareOne?:
**SoftwareOne is powered by Swomies**

Every day, 9000+ SoftwareOne colleagues - we call ourselves "Swomies" - partner with clients to deliver inspired technical and licensing solutions to engage their workforce and accelerate cloud maturity. Our internal backbone of enablement functions needs to be strong to keep the company ready for delivering great services to our customers. Our internal IT team is one of these competent and passionate teams that enables all Swomies to stay technically uptodate and keep SoftwareOne's operational excellence.

**Threat Specialist (gn) Cyber Security Services**

team: Business IT / internal IT of SoftwareOne | pensum: ful