Senior CSIRT Analyst
Do you maintain a calm demeanour and keep a clear perspective even in times of crisis? If so, then it's worth reading on!
As Senior CSIRT Analyst you will be one of the most technically experienced members of the CSIRT (Cyber Security Incident Response Team) and will be expected to lead full IR investigations from start to finish in a fully client-facing role. This includes on-boarding clients, understanding the back-end process for billing them, and working with Sales and Pre-Sales when required. Alongside these responsibilities you will play a key part in the Threat Hunting service and will be expected to help develop it further.
The position requires a good understanding of IR-based consultancy work and a high standard of report writing. As a Senior Analyst you will be based solely in the CSIRT but will have links into the SOC and Threat Intelligence services for information sharing.
Your responsibilities:
- Client-facing, hands-on technical response to cyber/data breaches
- On-site and remote analysis and real-time resolution of threats/breaches
- Taking over the Incident Manager and/or Project Team Lead role when needed
- Ensuring best practices are adopted and all internal and industry guidelines are followed
- Running consultancy work: providing input as a subject matter expert, policy review and creation, tabletop exercises, etc.
- Taking part in an on-call roster where required to ensure out-of-hours incident response coverage
- Demonstrating thought leadership in the enhancement of incident detection, response and hunting capabilities
- Supporting the development and growth of the CSIRT from a technical and methodology perspective (e.g. enhancing incident response plans and playbooks)
What you should bring along:
- Degree in IT or an IT security-related field
- At least four years of experience in client-facing incident response
- Ability to review raw log files and to correlate and analyse data from sources such as firewalls, network flow, IDS and system logs, including packet capture analysis
- Strong understanding of networking principles, including TCP/IP, DNS, commonly used Internet protocols (SMTP, HTTP, etc.) and corporate IT infrastructure (including cloud)
- Proficiency in using SIEM and other security products to address cyber incidents
- A track record in major cyber security incident triage (such as malware triage), containment, remediation and recovery
- An appreciation of the procedures surrounding forensic acquisition, as well as the ability to undertake forensic behavioural analysis on a host
- Exposure to at least one scripting language (Python, PHP, etc.)
- Relevant security certifications (SANS Cyber Defense, EC-Council Certified Security Analyst or related certifications) are a plus
- Ability to handle high-pressure situations in a productive and professional manner
- Strong written and verbal communication skills in English AND Swedish
This awaits you:
- A dynamic environment with exciting tasks and plenty of room for individual initiative
- A cyber security-minded international team, flat hierarchies and an informal corporate culture
- A structured induction period tailored to your needs
- Interesting, individually designed opportunities for further development
Locations: Borlänge, Göteborg, Malmö, Stockholm, Sundsvall, Umeå, Östersund
Remote status: Hybrid
Required languages: English, Swedish