Senior Associate, Information Security

Starcom Mediavest Group Germany Gmbh

$100K — $120K *
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • EDR experience with CrowdStrike and/or SentinelOne, focusing on malware investigation.
  • 4+ years in roles related to forensics analysis, threat analysis, incident response, or security engineering.
  • Familiarity with cloud services like Azure, AWS, and GCP, specifically log analysis.
  • Expertise in collecting and analyzing logs from various operating systems (Windows, Linux, Mac).
  • Knowledge of the MITRE ATT&CK framework or similar methodologies.
  • Experience in developing incident response programs, emphasizing efficiency through AI automation.
  • Strong communication skills with experience leading incidents and report generation.

Responsibilities

  • Lead investigations and responses as the Incident Commander for cyber security events.
  • Analyze and assess compromised systems for incident verification.
  • Coordinate evidence gathering and document detailed security incident reports.
  • Present comprehensive reports to management in a clear, precise manner.
  • Stay informed on best practices and emerging threats in cyber security.
  • Conduct in-depth forensic investigations into data breaches and vulnerabilities.
  • Advise on strategic direction for efficient incident management, leveraging AI tools.

Benefits

  • Core work hours from Monday to Friday, with flexibility for off-hours support.
  • Availability for VIP support via cell phone as needed.
  • Potential local and occasional out-of-area travel for collaboration and investigations.
Full Job Description
Job Description

The Senior Associate, Information Security is part of a global team and is responsible for incident response of cyber security incidents that are associated with our businesses, clients, and vendors; is technically skilled and ensures incident containment, remediation, and closure. This individual will be expected to work closely with the legal, data privacy, business, and client teams. They should be comfortable with interacting with senior executives, including C-level staff.

Responsibilities

  • Incident Commander to lead investigation and response of cyber security incidents.
  • Analyze compromised/potentially compromised systems.
  • Coordinate evidence/data gathering and document security incident reports.
  • Manage, review, and present written and oral reports in a pertinent, concise, and accurate manner for distribution to management.
  • Maintain current knowledge of tools and best practices in advanced persistent threats, tools, techniques, procedures of attackers, forensics, and incident response.
  • Perform complex forensic investigations into system breaches, data leaks, and system weaknesses.
  • Provide technical expertise to staff on security incident monitoring, triage, response, threat & vulnerability management, and security analysis.
  • Provide strategic direction on types of Incident Management activities that will drive efficiencies across company, including automation with AI tools.


Qualifications

  • EDR Experience- CrowdStrike and/or SentinelOne with experience investigating and analyzing malware and other malicious activity.
  • 4 or more years of experience in an analytical role of either forensics analyst (Linux, Windows, or MacOS), threat analyst, incident response, SOC analyst, or security engineer/ consultant.
  • Experience with cloud environments such as: Azure, AWS, GCP - knowing how to collect and analyze logs from Guard Duty/ Defender and CloudTrail, etc.
  • Experience with system and application log and artifact collection and analysis (Windows, Linux, Mac, etc.).
  • Familiarity with the MITRE ATT&CK or related frameworks.
  • Experience developing and managing incident response programs with focus on efficiency through AI development.
  • Strong communication skills with confidence leading Incident Response calls with different stakeholders; followed by producing detailed incident reports.
  • Proficient in social engineering, phishing, and related fraud schemes.
  • Strong general knowledge of security concepts and expertise in network and web application security issues.
  • Experience with a scripting language such as Python, Bash, PowerShell, or other scripting language in an incident handling environment.


Additional Information

Work Schedule
  • Core work hours are Monday through Friday, 9:00 AM-5:00 PM. Must also be flexible and be available to work non-standard business hours upon request or as needed
  • Must be available via cell phone for VIP support

Travel
  • Local travel between sites may be required
  • Occasional travel to sites outside the local area may be required


Salary Range
Transparency matters to us. The salary range for this position is $100,000-$120,000 per year. Actual compensation within this range will be based on a variety of factors, including relevant experience, knowledge, skills, and applicable certifications. This range reflects what we reasonably expect to offer based on current market data.

Job description only reflects management's assignment of essential functions. Management reserves the right to assign or reassign duties and responsibilities to this job at any time. This job description in no way states or implies that these are the only duties to be performed by the employee(s) currently in this position. Employee(s) will be required to follow any other job related instructions and to perform any other job-related duties requested by any person authorized to give instructions or assignments.

A review of this position has excluded the marginal functions of the position that are incidental to the performance of fundamental job duties. All duties and responsibilities are essential job functions and requirements and are subject to possible modification to reasonably accommodate individuals with disabilities. To perform this job successfully, the incumbent(s) will possess the skills, aptitudes, and abilities to perform each duty proficiently. Some requirements may exclude individuals who pose a direct threat or significant risk to the health or safety of themselves or others. The requirements listed in this document are the minimum levels of knowledge, skills, or abilities. This document does not create an employment contract, implied or otherwise, other than an "at-will" relationship.

Similar Jobs

More Jobs at Starcom Mediavest Group Germany Gmbh

More Information Technology Jobs

Find similar Senior Associate, Information Security jobs: