For the section "ITRS Global Security Operations Center" (IT1.7.6) in the IT Tower "ITRS" of the central division IT, we are looking for a qualified individual as an
Senior IT Risk Technical Specialist - Incident Responder. This unit focuses on the continuous prevention, protection, detection, and response capabilities against threats, exploitable vulnerabilities, and real-time incidents in the global Munich Re network.
The Incident Responder has a specific area of responsibility within the IT Risk and Security group to protect Munich Re against active threats. To do so, the Incident Responder must work with IT Service Managers and external service providers to define where monitoring is to be done and the use cases that should be monitored for. As events are identified that meet these criteria, the Incident Responder again must work with these service providers to gather information about the scope and severity of the events. This information will be presented to the Security Incident Evaluation and Security Incident Response teams, so that they can make important decisions regarding the handling of any potential incidents. The Incident Responder must then continue with remediation and documentation of such incidents to closure.
Tasks:- Monitoring alert queues and responding to security alerts as a Level 3 responder
- Act as a Tier 3 triage contact, collecting data and information to inform and advise the SIET and SIRT
- Handling incident escalations as part of the Security Incident Management Process
- Develop and optimize Standard Operating Procedures (SOPs) and use cases for monitoring and handling different types of security events
- Threat intelligence gathering to ensure that detection methods are effective against current threats
- Work with both internal and external partners to investigate, remediate, and clean up after security incidents
- Prepare detailed reports and provide summaries on both status and progress of investigations
Qualifications- Technical degree (preferably in IT) or an IT Security expert with outstanding knowledge of operating systems and network protocols (past experience with system, network engineering as well as pen-testing is welcome)
- Good understanding of SIEM, network security technologies and tools
- Preferred experience with digital forensics, threat hunting, malware analysis, SOAR and detection tuning
- Very good knowledge of threat modelling frameworks, attacker mindset and defence-in-depth concepts
- Excellent technical understanding of security operations and related processes
- A minimum of 5 years of experience in a SOC environment, as a Level 2 or higher responder with relevant GIAC or EC-Council certifications desired or in Threat Intelligence gathering and usage
- International experience from work within complex, global IT organisations
- Customer orientation, strong team working skills and experience in dealing with service providers
- Highly result oriented and structured
- Very good command of English, both spoken and written
