Technology Specialist - CDO

Digital & Technology Team (D&T) is an integral division of HEINEKEN Global Shared Services Center. We are committed to making Heineken the most connected brewery. That includes digitalizing and integrating our processes, ensuring best-in-class technology, and embedding a data-driven culture. By joining us you will work in one of the most dynamic and innovative teams and have a direct impact on building the future of Heineken!

Would you like to meet the Team, see our office and much more? Visit our website: Heineken (heineken-dt.pl)

The Cyber Security SME is part of the Cyber Defense and Operations Product Tribe, and is one of the professionals who do the work of delivering a potentially releasable increment of the product at the end of each sprint. Product Teams are structured and empowered by the organization to organize and manage their own work. The resulting synergy optimizes the Product Team’s overall efficiency and effectiveness.

The Cyber Defense and Operations (CDO) Threat Response Product Team is a global team accountable for building a cyber resilient organization by acting as a first line of defense against cyber attacks and by educating the global organization on how to act and respond to security incidents to limit the business impact.

The CDO Threat Response Product Team capabilities are aligned with the NIST frameworks and are grouped into (1) Defensive Capabilities as Monitoring, Detection, Vulnerability Mng, Threath Intelligence; (2) Offensive Capabilities as Incident Response, Penetration Testing; (3) Threat Hunting Capabilities.

The CDO Product Team is a fast growing team, working in a complex and challenging business environment and has an ambitious strategy to implement in the next years In this context, the Cyber Defense Centre is seeking to hire an experienced security analyst and incident responder, to be part of the core CDO team.

Your responsibilities would include:

• fine-tuning the SIEM tools needed to identify and repel threats. They work closely with other members of the team, especially if the system is under attack
• building the security architecture and systems, being part of the SIEM content development teams. They typically work with development operations teams to ensure that systems are up to date
• supporting the first responders to higher priority incidents analyzing threats doing investigation and triage
• additionally, documenting requirements, procedures, and protocols to ensure that other users have the right resources
• coordinating/aligning of broader SOC Analysts team and associated activity, with emphasis on real time proactive monitoring and incident response activity
• providing remote incident response activities and advice, to support HEINEKEN operating companies during and immediately after security incidents
• detecting threats, investigate those threats, and respond to them in a timely fashion (operational threat hunting related to realized security incidents). Additionally, analysts may have responsibilities that involve implementing security measures as dictated by management
• creating and maturing operational security processes, procedures, and SOPs for incident response
• carring out in-depth investigation on Security events, raise incidents and support the Incident Management process
• creating security monitoring content
• occasionally being on-call to respond to incidents that arise outside of business hours
• service management aspect – operationally overseeing and coordinating with third parties involved in incident response and security monitoring.

You are a good candidate if you have:

• Bachelor's degree or equivalent experience
• 3+ years of working experience in the security operations centers of international companies and with SIEM solutions
• a passion for security and enjoys solving problems
• understanding the Agile mindset and have basic knowledge of working in a Scrum Team. You show end-to-end ownership on work that you do
• excellent knowledge of English, written and verbal
• experience with outsourced managed services, using ITIL processes
• incident Response framework practical experience
• extensive Kusto query language knowledge (KQL)
• operational experience with SIEM (Azure Sentinel)– Log Management, Vulnerability scanning, and IPS/IDS technologies
• knowledge of security engineering, Cloud Provider infrastructure, Linux security, containerized environments security, and/or cloud security
• operational experience with Incident Response activities, using EDR solutions on a daily basis
• knowledge of industry-standard security frameworks for information systems (NIST, ISO 27001/2, CSA, COBIT)
• familiarity with scripting programming e.g. Bash, PowerShell, Python
• The Cyber Kill Chain & MITRE ATT&CK framework
• knowledge of security solutions (SSL, Remote Access, IPSEC, Reverse Proxy, IDS/IPS, Firewall, Multi Factor Authentication)
• knowledge of: Penetration testing, Malware engineering, Offensive security specialist (e.g pen tester, ethical hacker, etc.)
• Sysadmin skills (Linux/MAC/Windows)
• Network admin skills
• enabling services-related knowledge (e.g. NTP, SMTP, patching, Antivirus) & Server infrastructure (VMWare ESXi, storage, Azure, AWS)
• basic cryptography knowledge (basic algorithm knowledge)
• DB knowledge
• authentication protocol knowledge
• operating systems internal workings knowledge / understanding
• ability to translate technical language into a story that can be understood, and cohesively present it back to different stakeholders with a clear message
• communication skills to use with key technical and non-technical stakeholders
• ability to work with people of many different cultures and backgrounds
• ability to work in a complex and highly externalized environment
• interest in continuous self-development through training and learning on the job. Being curious about new developments and technologies; educating yourself
• critical thinking and contextual analysis abilities
• investigative and analytical problem-solving skills
• teamwork, can-do mentality
• strong time management skills and willingness to go above and beyond where required
• being able to work in a highly dynamic environment, with pressure situations
• ability to take decisive action based on available information in a timely manner
• ability to research and characterize security threats to include identification and classification of threat indicators
• strong time management skills and willingness to go above and beyond where required
• passion for mentoring and coaching junior resources, sharing knowledge
• continuous improvement mentality that helps improve and grow the team.

You are a perfect match if you also have:

• certifications such as CEH, CIR, CISM, CISA, CGEDIT, any of the OWASP or similar 
• experience in automation, coding and/or scripting using one or more of the following languages: Java, Perl, Python, Go, Ruby, Terraform and/or similar.