Cybersecurity Expert

We are looking for a Senior Cybersecurity Expert to join us in Tallinn, Estonia.

The role:

The responsibilities of the Senior Cybersecurity Expert / SIEM Specialist will be:

• Monitor the correct functioning of the SIEM solution
• Real time monitoring of corporate server, services, network end user workstation events
• Acting as a 1st level tier for any security related monitored event
• Review the results, detect anomalies, and support the response to the incidents
• Monitor the SIEM dashboard
• Create scripts to automate tasks
• Review, update implement use cases
• Implement and test new plugins
• Integrate new sources
• Merge and correlate events from all the other security monitored services
• Investigate all the alerts highlighted by CERT EU
• Monitor the license consumption
• Prepare procedure and cheat-sheets for quick use of the platform
• Lookup using additional IoCs
• Correlate and prioritise events
• Threat hunting
• Support the tracing of the origins of an intrusion or identifying systems to which the intruder had access
• Perform periodic asset Inventory
• Propose reactive measures (eg. block domains, IP, isolate networks)
• Correlate and summarize events
• Monitor user login attempts
• Regularly report on current situation
• Escalate to tier 2 and 3
• Alert on problem
• Prepare graphical visualizations of all monitored data
• Prepare scripts for automating recurrent tasks
• Support the incident management process of the Agency
• Support to assess impact of security incidents
• Assess & analyse cyber threat intelligence sources.
• Monitor and manage the corporate MISP solution

You have:

• Minimum 3 years of relevant academic education after the secondary school awarded with a diploma (Bachelor or equivalent)
• Minimum 5 years of relevant professional experience, gained in the past 7 (seven) years
• Minimum 2 years professional experience managing and maintaining SIEM systems, specifically Splunk
• Minimum 2 years of professional experience with SIEM artefacts creation and reporting
• Minimum 3 years of professional experience working in a Security Operations Centre or Managed Security environments.

Additional Qualifications:

Successful completion of at least the 3 Splunk fundamental courses plus and at least one subsequent

At least 1 security certification (in addition to Splunk credentials)

Experience working with and client ticketing and knowledge base systems for Incident Tracking

Knowledge of network security and monitoring and management of network security devices

Knowledge in the following areas:

• Advanced/In depth knowledge of network configuration and troubleshooting
• Knowledge of network security and monitoring and management of network security devices
• Splunk search processing language
• Windows Security Events
• SIEM solutions (configuration, customization, further development)
• Understanding of a wide array of corporate server applications such as : DBMS, Exchange, DNS, SMTP.
• Enterprise end-point security products
• Excellent analysis and problem solving

If you want to join a dynamic company where technological challenges will be found in your day to day we are waiting for you in the great VASS team.
And we encourage you to be the best version of yourself: Transformative, Creative, Honest, Vibrant

At VASS we take action every day to achieve a favourable environment that facilitates and promotes equal opportunities, non-discrimination, diversity and inclusion of all people. We select our talent based on business needs, skills and merits.