Senior Incident Response Engineer (Ref. 1858)

Bank J. Safra Sarasin Ltd is a leading sustainable private bank, offering all the advantages of the Swiss banking environment together with dynamic and personalised advisory services focusing on opportunities in international financial markets. The Bank provides a high level of services and expertise when acting as investment advisor and asset manager for private and institutional clients. Financial strength, excellent client services and outstanding quality are therefore key elements of its corporate philosophy.
J. Safra Sarasin's most valuable capital is its employees. They are essential to the success of the organisation, now and in the future. Their technical expertise, professional qualifications and social skills are highly valued by the Group's clients, management and business partners. The success of J. Safra Sarasin depends on the enthusiasm and commitment of every one of its employees worldwide.
Chief Operating Officer
Senior Incident Response Engineer (Ref. 1858)
Basel, CH
Function/Position objectives
The Senior Incident Response Engineer will work as a subject matter expert and threat hunter. He or she will lead the Computer Security Incident Response Team (CSIRT) within a Security Operations Center (SOC) and, in a hands-on position, will be responsible for integrating critical incidents into the Security Information and Event Management (SIEM) tool, monitoring and investigating alerts together with the Managed Security Service (MSS), proposing security measures that address the root cause of problems, and working with Information Technology (IT), Information Security and business teams to resolve incidents. In other words, the Senior Incident Response Engineer will manage the 24x7x365 operations of the SOC.
The right candidate will be able to start the Bank's SIEM project from scratch and will lead all process definition for the Security Operations Center implementation. Acting as a consultant, the Senior Incident Response Engineer will be responsible for defining, together with Business, Information Technology and Information Security leaders, which critical incidents must be monitored by the SIEM tool, detailing how the SIEM will identify each incident, following the implementation with the delivery team, and defining the processes that describe all actions to be taken when those incidents occur.
  • Closely involved in developing, tuning and implementing threat detection analytics; performs deep-dive incident analysis by correlating data from various sources; determines whether a critical system or data set has been impacted; advises on remediation; provides support for new analytic methods for detecting threats; executes forensic analysis

  • Performs incident response and malware analysis to investigate incidents and potential indicators of compromise; acts as an incident hunter rather than only waiting for escalated incidents

  • Maintains current knowledge of advanced persistent threats, of the tools, techniques and procedures of attackers, and of forensics and incident response best practices; researches and incorporates relevant threat intelligence during investigations and in written and verbal reports

  • Develops, documents and manages the containment strategy

  • Acts as the technical reference for the CSIRT; elaborates SOC and CSIRT processes; tunes the provided SIEM system to reduce false positives and discover previously unknown threats

  • Maintains the confidentiality of operations and investigations

  • On-call duties are required to attend to critical events

  • Postgraduate degree in information technology (IT) or information security

  • At least 10 years' experience in information security, of which a minimum of 5 years' experience with a SOC and as part of a computer security incident response team (CSIRT) is expected

  • At least two of the following worldwide-recognized certifications, to demonstrate deep and broad security knowledge: CISSP: Certified Information Systems Security Professional; SANS SEC503: Intrusion Detection In-Depth; SANS SEC504: Hacker Tools, Techniques, Exploits and Incident Handling; SANS FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques; CEH: Certified Ethical Hacker

  • Advanced skills in network forensics, host-based forensics, incident response procedures, log review, reverse engineering, malware detection and threat intelligence

  • Previous experience with a security information and event management (SIEM) tool; knowledge of data correlation; knowledge of regular expressions; experience with a scripting language; expertise in the analysis of TCP/IP network communication protocols

  • Well versed in the latest attacks, vulnerabilities and trends in cyber security; knowledge of firewalls, intrusion detection systems (IDS), networking, Windows, Linux, data loss prevention (DLP), virtualization and cloud computing

  • Exceptional written communication skills to produce periodic reports; team working skills

Elisabethenstrasse 62, Postfach, 4002 Basel, Switzerland