Cyber Security Analyst - CSIRT
Cyber Security Analyst
We believe that the passion and talent of our employees is our strength - it is what drives us towards outstanding performance. We offer a dynamic, motivating and sophisticated work environment. A culture that is open, innovative and performance oriented. Our scale, scope, commitment to people, and high standards of integrity make Booking.com a great place to work.
As a Cyber Security Analyst, you will work as a member of the CSIRT team, responsible for the execution of incident response, investigative analysis, continuous improvement, and post incident activities. The CSIRT team covers a wide range of security disciplines, from alert triage to performing forensic analysis and reporting of the operational security posture of the company. As a member of this team, you will participate in the defense of one of the world's leading e-commerce organizations and have the opportunity to learn, and develop skills in a truly world leading and innovative security practice. B.responsible
- Monitor, triage, investigate, and respond to suspicious activity across all company assets.
- Perform log analysis and analyse large datasets to support alert and response activities.
- Provide data driven insights into improvement opportunities for cybersecurity operations workflow design.
- Interface with other security teams and assist with general IT security as required.
- Perform root cause analysis of simple to highly complex security issues.
- Use a combination of manual and automated tools to proactively analyze various data.
- Help stakeholders to determine the best course of action to remedy the problem
- Develop, initiate, maintain, and revise automated strategies and approaches for Booking.com's security operations within the big picture of the organization;
- Work effectively with team members and leadership by communicating cybersecurity trends and sharing ideas and knowledge in a constructive and positive manner;
- Actively participate in our goal to continuously improve the way we work; identify improvement areas on our technology, process and techniques to enhance our detection and response capabilities.
- Ensure the ongoing core objectives of the CSIRT are accomplished and measurable.
- 4+ years working in security practices (CSIRT/SOC experience preferred);
- 2+ years working in an enterprise level organization with responsibilities related to computer security or system administration
- Solid understanding of the incident response lifecycle at both technical and procedural level;
- Experience performing incident response across Linux, Windows and Mac.
- Experience using advanced Endpoint Detection and Response (EDR) tools for complex incident analysis;
- Ability to quickly solve problems using scripting and automation;
- Robust understanding of IT fundamentals across networking, system, and application layers;
- Ability to prioritize incoming escalations and requests appropriately using clear communications;
- Excellent interpersonal and communication skills in order to share knowledge with peers and to communicate effectively with different stakeholders;
- Bachelor's Degree or equivalent experience with relevant industry certification (CISSP, CISM, SANS, OSCP).