Employee of a service provider
Remote work
Available from: 18.11.2024
Availability: 100%
of which on-site: 100%
Skill profile of a permanent employee of the service provider
Deployment locations
Germany, Switzerland, Austria
Projects
Transmission System Operator
Support in the conception, development and integration of a security operations center into the company, taking
into account regulatory requirements according to KRITIS. Strong focus on the topics of incident detection and
incident response.
Design and conception of an on-premises SIEM architecture using Splunk (high-level and low-level), installation
and configuration of SIEM components from OS level onwards, onboarding of log sources and configuration of
their parsing.
Triage and analysis of security incidents using contextual information, open-source threat intelligence and sandbox
analysis. Partial coordination and implementation of initial responses based on the severity and impact of the
incidents. Conducting supporting research on opportunities to optimize the security posture.
Design and conception of a cloud SIEM architecture using Splunk Cloud (high-level and low-level), installation
and configuration of SIEM log collection components from OS level onwards, onboarding of log sources and
configuration of their parsing.
Maturity assessment of a hybrid SOC using a self-developed approach. Evaluation of the people, processes and
technology used in the SOC services and identification of gaps with regard to best practices.
Derivation of improvement measures to attain the desired SOC maturity.
Support in the implementation of incident detection mechanisms, including:
- Identification of threat scenarios to be detected by SIEM use cases
- SIEM use case conception, engineering and testing in collaboration with application and system owners
- Optimization of the detection engineering process
Review and optimization of the existing incident response program, including:
- Creation of a security incident management policy
- Review, optimization and documentation of the existing incident response processes, considering
data protection requirements and interfaces to other processes
- Preparation and planning for specific threat scenarios
Advisory on the conception and integration of a SIEM system within the company.
Preparation and documentation of the necessary organizational measures, such as a logging and monitoring
policy, organizational structure, roles and responsibilities, and definition of processes, e.g. for testing and
development of SIEM use cases.