IT Security Detection Engineer Bucharest

IT Security Detection Engineer
Bucureşti
Bucharest, Bucharest, Romania

The IT Security Detection Engineer operates as a
- disciplinary engineer within the Security Operations Team at Borg
Warner. This role will employ various skills and experience to drive incident detection, optimization, and resolution.
On a daily basis, the Information Security Engineer collects, reviews, interprets, correlates and analyses data during and post incident in order to create a comprehensive picture of any potential threat.
Performs activities combining analytic and design skills with adequate knowledge of software and hardware technologies, in order to define, design, create, test, implement and modify informatic systems which have software as a main component.

Key responsibilities

• Developing and maintaining detection rules to identify malicious or suspicious activity within the environment.
• Implementing and managing systems for real time threat detection and alerting.
• On a
  -
  - day basis responding to, remediating, and coordinating incident response actions with other stakeholders, both internal and external.
• Proactively searching for threats and vulnerabilities within the network
• Developing and maintaining log collection systems such as a SIEM and/or Data Lake for long term data retention and normalization
• Developing and maintaining automation platforms within the security operations tool offering to optimize automated responses where possible
• Working with other IT and IT Security teams to ensure comprehensive threat coverage and understanding of impact and criticality
• Creating scripts and necessary reports to prevent disruption or unavailability of information assets and assess the impact.
• Analysing security attacks and advised on ways to solve them by configurating the existing security systems.
• Defining and implementing information assets that have software as the main component in order to improve the security posture.
• Developing and maintaining technical runbooks and process documentation.
• Conducting
  - depth analysis of suspicious activities and attempted attacks, during and post incident through and not limited to the analysis of malware, packets, alerts and logs for signs of malicious activity.
• Staying current with security operations, data analysis, and incident response technology, methodology and legal requirements.
• Performing computer forensic & incident investigations when required.
• Ensuring that all investigations are performed
  - line with regulatory requirements and internal corporate policies, standards and procedures.
• Providing metrics for management and periodic intelligence reports and lessons learned on various threat actors and IOCs.
• Building upon existing capabilities through continuous improvement of relevant intelligence sources and methods, recommending new tools and procedures to detect threats and protect intellectual property and assets.
• Assisting in support of formal investigations and/or inquiries to resolve insider threat related matters, acceptable use policy violations.
• Identifying areas for improvement in internal processes along with possible solutions.
• Working with the IT Security Operations Lead to define and document standard operating procedures for security incident handling, malware analysis, vulnerability management etc.
• Maintaining the confidentiality related to the professional secret and the security of the documents manipulated and administrating by him / her.

What we’re looking for

• Bachelor’s degree in Security Management; Compliance or Computer Science or comparable course of studies
• 2+ years of experience in IT Security, with a focus on Incident Response and SOC Any of the following: Comptia Security+, SANS Certification, Off
  Sec Certification
• Foreign languages: Fluent in English, written and verbal

Key Job Skills and or competencies

• Deep understanding of security systems, firewalls, authentication systems, log management, content filtering, network security and networking technologies
• Has worked with and managed at least one of the following technologies: SIEM, SOAR, Data Lake, EDR, DLP, FW, IDS/IPS
• Proven knowledge in the following security disciplines : advanced threats, information security incident detection and response, forensic investigative practices
• Experience in developing, collecting and analysing threat intelligence
• Experience with
  - driven and
  - driven incident response platforms
• Experience in AI and LLM models
• Experience in cyber intelligence analytic methodologies such as Kill Chain, threat modelling, threat hunting
• Relevant experience in an international environment with globally distributed teams
• Identifying problems; recognizing significant threats and risks; making connections between data
• Tracing possible causes of problems; investigating relevant data
• Upholding generally accepted social and ethical standards in
  - related activities
• Strong written, oral and presentation skills