At CRG we are looking for an incident response engineer who can investigate security breaches and manage, provide technical support, implement, maintain and troubleshoot all security products used by the Firm. The candidate must have significant hands on experience with security technologies and solutions. The candidate will also perform daily investigation of security incidents, security assessments and audits.

Requirements:

• Fluent in English. High Proficiency level (must).
• 5+ Years of experience in IT Security.
• Bachelor Degree in Computer Science or Information System or significant work experience.
• Must have prior experience with actual incident response, investigations and forensics analysis.
• Must have the following certifications: GIAC GSEC, PCNSE or OSCP.
• Extensive knowledge of security best practices in regards to computer systems, networks, telecommunication and all associated hardware.
• Very strong analytical approach to problem solving and solution development.
• Must be passionate about security and strive to ensure the Firm is protected against evolving cyber threats.
• Must be a professional with customer satisfaction oriented mindset, creative and be able to balance security with business objectives.
• Must be able to think outside of the box and go beyond traditional security.
• Must be able to work with Director of Information Security in providing accurate and timely information and closely follow his direction.
• Must be available to take emergency off hour calls during security incidents.
• Must be able to quickly identify root causes specially during security incident investigation.
• Must be able to create accurate and detailed project plans and complete them in timely manner.
• Excellent documentation skills and capable of creating comprehensive security documents such as standard operating procedures, guidelines and architecture diagrams.
• Must have hands on experience with following technologies:
  • Cisco network devices
  • In depth experience with Palo Alto firewalls with all the features available in the product
  • Experience with password safes (CyberArk or Beyond Trust)
  • SIEM products such as Microsoft Sentinel or others
  • IDS (Intrusion Detection Software) & IPS (Vectra AI, Snort, Suricata, AlienVault, or others)
  • Endpoint security products – CB Application Control, Microsoft Defender and Defender ATP.
  • Vulnerability scans and penetration test using Nessus, Tenable, Rapid7 Nexpose, Cobalt Strike or others..
  • Open source security tools (Kali Linux, Metasploit, Nmap, PowerShell Empire, Kerberoast, TrustedSec SET and others) and network traffic analysis
  • Experience with Windows operating systems, Active Directory, DNS, DHCP, Microsoft SQL
  • Experience with Linux operating systems (Ubuntu, CentOS RedHat)
  • Experience with scripts (python, VB, Powershell and others)
  • Microsoft M365 E5 security products and Microsoft Azure
  • Able to work in night shifts to cover Germany.

Responsibilities:

• Manage firewalls, Anti-Virus, Web Filtering Solutions, DLP, IPS/IDS, NAC, DDOS protection, third-party remote access, application white listing solutions, endpoint detection and response solutions.
• Manage Security Incident and Event Management systems (SIEM).
• Manager and investigate all security events until resolution.
• Manage privilege account management systems.
• Conduct technical security audits and perform risk assessments.
• Conduct firewall, network and systems configuration change and audits.
• Perform vulnerability scans on networks, servers, systems and applications.
• Create weekly security reports including keeping track of information security metrics.
• Work with consultants and third party vendors as it relates to security services they provide.
• Participate in project reviews of information security architectures associated with each initiative.
• Conduct malware analysis and research for new exploit techniques used by cyber criminals.
• Conduct proactive threat hunting.
• Research and test new security technologies.
• Manage and maintain a good relationship with third party security vendors (MSSP, SOC and others).
• Maintain and create new process to ensure the Firm’s security posture meets clients’ security requirements.
• Participate as part of member of Cyber Incident Response team.