Security Operations Lead
Viseven
AWSAzureCloudLinux
Job Level
Junior
Tech Stack
AWSCloud
About the role
- Monitor, triage, and investigate security incidents on Kraken’s infrastructure and Client instances
- Respond to alerts generated by the Security Information and Event Management (SIEM) system
- Automate and continuously expand detection capabilities
- Analyse application, Cloud and access logs and events to identify potential security threats and vulnerabilities and code this analysis for future playbooks
- Identify where escalation of incidents, or notification to third parties may be required
- Provide incident response support working with engineering and product teams where necessary
- Maintain, improve and automate incident response processes and playbooks
- Prepare reports and incident summaries; review and improve content and presentation of team reports
- Maintain and update security incident documentation including analysis findings and recommended mitigation strategies, automating wherever possible
- Liaise with stakeholders regarding incident root cause and provide remediation/improvement recommendations
- Participate in a roster covering weekends and public holidays to deliver a 24x7 operations capability
Requirements
- A strong Security Operations and technology background of 1 to 5 years of experience
- Experience in using SIEM platforms to analyse and respond to security alerts
- Familiarity with EDR (Endpoint Detection and Response) tools and their capabilities, including host containment and evidence preservation
- Knowledge of best practices for analysing incidents and logs in a cloud environment
- An understanding of how different mitigation strategies can contain and respond to security events
- An understanding of Cloud and software architectures
- Strong analytical and problem-solving skills, with the ability to identify, triage and mitigate incidents
- Ability to clearly communicate and document incident activities
- A passion for security, a drive to improve security alerting and response processes by harnessing technology and automation
- Good experience in at least some of the areas mentioned above (we’re not expecting any candidate to be an expert in all areas)
- Experience working in a SOC or CERT that monitors multiple client infrastructure/instances (helpful)
- Experience with AWS environments including AWS security monitoring and logging (e.g., CloudTrail, GuardDuty) (helpful)
- Relevant certifications or qualifications related to Security Operations (helpful)
- Basic scripting or automation skills using SOAR tooling to optimise tasks and develop security automation workflows (helpful)
- Willingness and ability to participate in a roster covering weekends and public holidays to deliver 24x7 operations capability
- Please provide your CV in English
