Specialist-IT & Information Security
INDIA IT development
Job description
Allianz is seeking a Cyber Security Specialist to join the Security Operations team. The specialist will serve on the front lines of Allianz’s Security team and will lead and support security investigations across the company’s global infrastructure as well as respond to escalations from different entities. The specialist will leverage an armory of tools to investigate and respond to both external and internal security threats. Utilizing Allianz tooling, you will monitor security events in real-time, assess external and internal threats, and provide accurate and timely response. You will collaborate closely with multiple product team within the Tribe, with a diverse set of skills to tackle the array of security challenges that we encounter.
Security Specialist, Incident Response Responsibilities includes
· Lead security incident response in a cross-functional environment and drive incident resolution.
· Lead and develop Incident Response initiatives that improve Allianz capabilities to effectively respond and remediate security incidents.
· Perform digital forensic investigations and analysis of a wide variety of assets including endpoints.
· Perform log analysis from a variety of sources to identify potential threats.
· Build automation for response and remediation of malicious activity.
· Write complex search queries in the EDR as well as SIEM tools for hunting the adversaries.
· Works on SOAR cases, automation, workflow & Playbooks.
· Integrating and working on Identity solutions.
· Developing SIEM use cases for new detections specifically on identity use cases.
Minimum Qualifications:
· 5-10 years of experience in Security Incident Response, Investigations
· Working experience in Microsoft On-prem and Entra ID solutions
· Good knowledge in Active Directories and Tier 0 concepts
· Very good knowledge of operating systems, processes, registries, file systems, and memory structures and experience in host and memory forensics (including live response) on Windows, macOS and Linux.
· Experience investigating and responding to both external and insider threats.
· Experience with attacker tactics, techniques, and procedures (MITRE ATT&CK)
· Experience analyzing network and host-based security events
Overall Objectives of Job: (If multiple sections, accord weightage to each section)
Lead security incident response in a cross-functional environment and drive for security incident resolution. Proactively search for and identify potential security threats and vulnerabilities within an organization's networks, systems, and applications. Analyse security data and logs to detect and respond to security incidents and breaches. Develop and implement threat hunting strategies, methodologies, and processes to improve the organization's security posture.
100%
PART 3
Duties and Responsibilities
List in order of importance and state approximate weightage accorded to each.
· Lead and develop Incident Response initiatives that improve Allianz capabilities to effectively respond and remediate security incidents.
· Perform digital forensic investigations and analysis of a wide variety of assets including endpoints.
· Perform log analysis from a variety of sources to identify potential threats.
· Build automation for response and remediation of malicious activity.
· Works on SOAR cases, automation workflow & Playbooks.
· Collaborate with internal and customer teams to investigate and contain incidents.
· Contribute to complex client-facing investigations and examine cloud, endpoint, and network-based sources of evidence.
30
· Contextualize security intelligence information so it is relevant to your business.
· Detect campaigns and attacks against your infrastructure, and identify the actors responsible.
· Improve and assist in automating the detection of incidents by your SOC.
· Deep investigations/CSIRT, Mitigation/recommends changes, More advanced SME in cybersecurity,
· Provide recommendations in tuning and optimization of security systems, SOC security process, procedures and policies.
· Maintain SIEM correlation rules, customer build documents, security process and procedures
· Develop and implement threat detection and response strategies to proactively defend against cyber threats.
· Collaborate with cross-functional teams to coordinate incident response activities and mitigate security risks.
· Document and communicate security incidents, vulnerabilities, and remediation efforts to stakeholders.
· Stay current with the latest cyber threats, attack techniques, and security technologies to enhance detection and response capabilities.
· Contribute to the continuous improvement of security monitoring and incident response processes and procedures.
· Coordinates with internal and external stakeholders for effective service delivery
· Train and guide junior engineers and provide adequate support whenever needed.
50
· Quickly absorb and diagnosis communication challenges within and across work teams.
· Clearly and professionally communicate with client personnel to understand and manage expectations, gather information, and present and deliver results.
· Maintain Standard Operating Procedures (SOP) for the managed technologies and operations.
· Undergo in internal and external audits and support for best practices to up to date with security.
· Follow the organization’s change management process to adhere to the process integrity.
· Able to work effectively with other groups and teams or Operating Entities across Allianz business.
20
PART 4
Qualification, Experience, Technical and Functional Skills
· 5-10+ years of experience in Security Incident Response, Investigations and detection engineering
· Very good knowledge of operating systems, processes, registries, file systems, and memory structures and experience in host and memory forensics (including live response) on Windows, macOS and Linux.
· Experience investigating and responding to both external and insider threats.
· Coding/scripting experience in one or more general purpose languages – Python and PowerShell are preferred.
· Experience analysing network and host-based security events
· 5+ years of hands-on experience with a background in the modern attacker kill-chain, MITRE ATT&CK, and emerging enterprise threats.
· 3+ years’ experience with AzureAWSGCP andor Kubernetes and containers security.
· 3+ years of experience querying and analysing large datasets, including experience building automated reports, alerting, workflows, and/or business intelligence solutions (e.g. SQL, Python, KQL/Azure Data Explorer, Excel, PowerBI, etc.).
· Strong understanding of network security, malware analysis, and security operations
· Familiarity with security information and event management (SIEM) tools, EDR, DLP and relevant technologies
· understanding of Azure and M365 architectures, logging, data access and the investigative possibilities
· an understanding of the services, tools and resources available to assist with and automate forensic investigations
· Knowledge of the different characteristics of each cloud's storage resources.
· Understanding of the different types, configuration and availability of virtual machines offered in each cloud environment.
· Understanding of each cloud networking topology and the grouping of resources for network communication.
· Excellent analytical, problem-solving, and communication skills
· Ability to work effectively in a fast-paced and collaborative environment.
· Relevant certifications such as Certified Incident Handler (GCIH) or Certified Threat Intelligence Analyst (CTIA) or Certified Threat Hunter (CTH)any industrial hunting certifications.
PART 5
Key Competencies
· Security Incident Response
· SIEM Management tool (e.g.: Google Chronicle or Splunk)
· Threat Hunting tools (e.g.: EDR – Crowdstrike, Sentinel One etc)
· Forensic Analysis (e.g. Volatility, EnCase, Autopsy etc)
· Open-source tools and scripts, including YARA for malware detection, Sysinternals Suite for system
· Expert knowledge in Python and PowerShell
· Team player with excellent collaboration, and communication skills
· Strong problem-solving skills
52462 | IT & Tech Engineering | Professional | Non-Executive | Allianz Technology | Full-Time | Permanent
Your benefits:
· We offer a hybrid work model which recognizes the value of striking a balance between in-person collaboration and remote working incl. up to 25 days per year working from abroad
· We believe in rewarding performance and our compensation and benefits package includes a company bonus scheme, pension, employee shares program and multiple employee discounts (details vary by location)
· From career development and digital learning programs to international career mobility, we offer lifelong learning for our employees worldwide and an environment where innovation, delivery and empowerment are fostered
· Flexible working, health and wellbeing offers (including healthcare and parental leave benefits) support to balance family and career and help our people return from career breaks with experience that nothing else can teach
About Allianz Technology
Allianz Technology is the global IT service provider for Allianz and delivers IT solutions that drive the digitalization of the Group. With more than 13,000 employees located in 22 countries around the globe, Allianz Technology works together with other Allianz entities in pioneering the digitalization of the financial services industry.
We oversee the full digitalization spectrum – from one of the industry’s largest IT infrastructure projects that includes data centers, networking and security, to application platforms that span from workplace services to digital interaction. In short, we deliver full-scale, end-to-end IT solutions for Allianz in the digital age.
D&I statement
Allianz Technology is proud to be an equal opportunity employer encouraging diversity in the working environment. We are interested in your strengths and experience. We welcome all applications from all people regardless of gender identity and/or expression, sexual orientation, race or ethnicity, age, nationality, religion, disability, or philosophy of life.
Join us. Let´s care for tomorrow.
You. IT