Security Operations Team is a global team working on real-time monitoring and protection of all Acronis assets. Develop Tactical and Operational Intelligence....
Acronis leads the world in cyber protection – solving safety, accessibility, privacy, authenticity, and security (SAPAS) challenges with innovative backup, security, disaster recovery, and enterprise file sync and share solutions that run in hybrid cloud environments: on-premises, in the cloud, or at the edge. Enhanced by AI technologies and blockchain-based data authentication, Acronis protects all data, applications and systems in any environment, including physical, virtual, cloud, and mobile.
With dual headquarters in Switzerland and Singapore, Acronis protects the data of more than 5 million consumers and 500,000 businesses in over 150 countries and 20 languages.
Acronis is a global cloud service provider, managing multiple datacenters with petabytes of data. Security Operations Team is a global team working on real-time monitoring and protection of all Acronis assets. You would be part of Security Operations Team identifying threats (through log analysis), responding to cyber incidents (attacks attempts, internal policy violations, etc.) and working with other teams on constant improvement of cyber security capabilities of Acronis.
Respond to security incidents and perform digital investigations.
Analyse, normalize and correlate various log sources to identify abnormal and/or malicious behaviour through our big data SIEM.
Monitor, respond and fine-tune alerts generated on our big-data SIEM by security systems (AV, NIDS, HIDS, EDR, etc).
Actively hunt for attackers and search for indicators of compromise by external attackers, or internal Red Team and define new detection rules or improve existing ones.
Define IOCs based on past attacks and external threat intelligence feeds.
Develop and leverage the Threat Intelligence Platform. Develop Tactical and Operational Intelligence.
Investigate malware activity and define related IOCs or contextual detection rules. Write and maintain Security Operations playbooks and standard operating procedures.
Participate in evaluation, implementation, improvement, and troubleshooting of security tools in the portfolio.
SKILLS & EXPERIENCE:
3 years of experience in Intrusion Detection, DFIR and/or Threat Hunting.
Good understanding of TTPs and the ATT&CK Framework.
In-depth knowledge of how operating systems operate and how to detect malicious activity.
Excellent understanding of network and security protocols, demonstrated ability to detect attacks by analysing network traffic.
Experience with Linux and Windows computer forensics and memory analysis.
Experience integrating a Threat Intelligence Platform.
Programming experience in Python, Shell scripting or other languages.
Available to work on-call and on occasional overtime (weekends, sale campaigns, etc.).
Passionate, curious, eager to learn. Focused, result oriented, positive and constructive.
Upper Intermediate English Skills
Would be a plus:
Familiar with Big Data environment and Query languages
Log management and SIEM experience
Malware analysis and Reverse-engineering experience.
Penetration testing / red-team experience.
Relevant security-related certification such as GNFA, GCTI, GREM, OSCP, OSCE, GCIA, GCIH, GCFE, GCFA, GREM, GMON, GCUX, GCWN2