Senior SOC Analyst

About Us

ERGO Technology & Services S.A. (ET&S S.A.) was established in January 2021 following the integration of ERGO Digital IT and Atena into one entity, leveraging both companies’ strengths and best practices. As a part of ERGO Technology & Services Management AG, the technology holding of ERGO Group AG, we support millions of internal and external customers with state-of-the-art IT solutions to everyday problems.

In October 2022, ET&S S.A. expanded its scope of operations by creating a Business Services unit to contribute in a new way to the growth of ERGO’s business. Acting as a co-partner and internal consultant, it adds non-IT value and supports the development of the entire ERGO Group, currently offering skills in reporting, analysis, actuarial, and input management. We are committed to fostering innovation and meeting the evolving needs of our clients worldwide.

Discover how we implement AI, IoT, Voice Recognition, Big Data science, advanced mobile solutions, and business-related services to anticipate and address our customers’ future needs.

How you will get the job done

• processing security incidents that have already been pre-qualified in level 1 SOC analysis based on playbooks that are created and maintained in SIEM engineering
• documenting the incident
• transferring the incident to the appropriate party (e.g. CSIRT) and supporting them in the further analysis and processing of that security incident if the incident cannot be resolved in Level 2
• documenting improvement potential per incident and implementation of lessons learned
• creating and maintaining standards for internal procedures governing the day-to-day work of the team
• contributing to regular feedback workshops with SIEM Engineering, Level-1, and CSIRT to optimize the procedures and the tools used, such as run books
• defining configuration standards for hardening of systems
• supporting SIEM Use Case Development – Collaboration in the creation, maintenance, and optimization of the rules and regulations and the instructions for the processing of incidents
• carrying out operational activities ordered by the IT Security Manager
• taking over the on-call duty

Skills and experience you will need

• proficiency in English, at least B2 level (spoken language and documentation)
• at least 2 years of working experience in a SOC or CSIRT/CERT
• strong knowledge about (latest) security threats
• broad experience in network infrastructure e.g. firewalls, IDS/IPS systems
• knowledge of Internet technologies, Server, desktop, and mobile OS
• ability to work according to compliance standards in a confidential environment
• ability to explain complex technical matters in easy wording
• flexible, creative, good team player with “can-do” attitude
• strong analytical skills
• strong communications skills
• willingness for permanent learning/self-education
• willingness for on-call shifts

Nice to have

• one of the following certifications: SANS SEC503, SANS SEC511, CompTIA CySa/Security +
• experience with SIEM tools, EDR /AV solutions
• proficient knowledge of ITIL processes and relevant ITSM toolsets
• programming skills in Python, Java, or JavaScript
• knowledge about creating SIGMA rules/Yaml