Technology Specialist - CDO (Cyber Threat Intelligence)
This role is part of the D&T department of HEINEKEN International and is located in HEINEKEN Global Shared Service in Krakow. D&T is proud to bring cutting-edge innovation, strong technology and advanced analytics to HEINEKEN. With speed and agility, we ensure HEINEKEN has the technological competitive advantages it needs to deliver on its ambition.
Would you like to meet the Team, see our office and much more? Visit our website: Heineken (heineken-dt.pl)
The CTI Analyst is part of the Cyber Defense and Operations Threat Prevention - Product Team, and is one of the professionals who do the work of delivering a potentially releasable increment of the product at the end of each sprint. Product Teams are structured and empowered by the organization to organize and manage their own work. The resulting synergy optimizes the Product Team’s overall efficiency and effectiveness.
The Cyber Defense and Operations (CDO) Tribe is a global set of Product Teams accountable for building a cyber-resilient organization: it acts as the first line of defence against cyber-attacks by offering cybersecurity capabilities to all HEINEKEN employees, to protect and defend the organization's digital assets.
The CDO Product Team capabilities are aligned with the NIST frameworks and are grouped into (1) Defensive Capabilities such as Monitoring, Detection, Vulnerability Management and Threat Intelligence, (2) Offensive Capabilities such as Incident Response and Penetration Testing, and (3) Threat Hunting Capabilities.
The CDO Tribe is seeking to hire an experienced Cyber Threat Intelligence Analyst, to be part of the CDO – Threat Prevention team. This role plays a critical part in building our Cyber threat intelligence capability and enhancing our organization’s security posture by providing actionable intelligence and insights to counter potential cyber threats.
Your responsibilities would include:
- building and maturing the HEINEKEN cyber threat intelligence capability
- collecting, analyzing, and interpreting cyber threat intelligence from various internal and external sources, including open-source intelligence (OSINT), commercial threat feeds, and dark web monitoring
- identifying emerging cyber threats, attack techniques, and adversary tactics, techniques, and procedures (TTPs) and providing input to threat hunters
- monitoring and analyzing trends in cyber threats to proactively improve security measures
- developing and maintaining threat intelligence reports, risk assessments, and situational awareness briefings for internal stakeholders
- collaborating with the incident response team to investigate security events and provide intelligence-driven recommendations
- utilizing threat intelligence platforms/tooling (TIPs), security information and event management (SIEM) systems, and other cybersecurity tools
- engaging with external cybersecurity communities, industry forums, and government agencies to share threat intelligence and best practices
- providing recommendations for improving threat detection, response, and mitigation strategies.
You are a good candidate if you have:
- 5+ years of working experience in Cyber Security and a minimum of 2+ years in Cyber Threat Intelligence, preferably in large multinational companies
- Bachelor's degree or equivalent experience in Cyber Security, Computer Science or Information Security
- certifications such as CEH, GCTI, OSCP, CISM, CISA, any of the OWASP certifications or similar
- experience with threat intelligence tools, SIEM platforms, and endpoint detection & response (EDR) solutions
- knowledge of the Cyber Kill Chain and the MITRE ATT&CK framework
- operational experience with the Microsoft security stack
- proficiency in Kusto Query Language (KQL)
- prior experience with intelligence-sharing communities such as ISACs
- knowledge of industry-standard security frameworks for information systems (NIST, ISO 27001/2, CSA, COBIT)
- knowledge of penetration testing, malware analysis, and adversary tactics
- understanding of offensive security concepts
- sysadmin skills (Linux/macOS/Windows)
- network administration skills
- expertise in network security administration
- familiarity with enabling services such as NTP, SMTP, patching, and antivirus
- experience with server infrastructure, including VMware ESXi, storage, Azure, and AWS
- database security knowledge
- a passion for security and enjoyment of solving problems
- an understanding of the Agile mindset and basic knowledge of working in a Scrum Team; you show end-to-end ownership of the work that you do
- excellent knowledge of English, written and verbal.
You are a perfect match if you also have:
- familiarity with programming or scripting languages (Python, PowerShell, or similar)
- basic knowledge of security solutions, including SSL, remote access, IPsec, reverse proxies, IDS/IPS, firewalls, and multi-factor authentication
- basic cryptography knowledge, including fundamental algorithms
- understanding of authentication protocols.
At HEINEKEN Kraków, we take integrity and ethical conduct seriously. If someone has concerns about a possible violation of the legal regulations indicated in the Polish Whistleblowing Act or of our Code of Business Conduct, we encourage them to speak up. Cases can be reported to the global team or locally (in line with the local HGSS Whistleblowing procedure) by selecting the appropriate option in the reporting tool or via the hotline.