Digital Forensics and Incident Response Specialist (Compromise Assessment & Rapid Response)

ERGO Technology & Services S.A.

Warsaw +1 more
Hybrid work
Employment contract
Full-time
Threat Hunting
Compromise Assessment
Rapid Response
Malware Analysis

Your responsibilities

  • managing scanning for a Compromise Assessment and Rapid Response (CA&RR) tool for various customers in the ERGO Group
  • analyzing findings in the CA&RR tools (e.g. detecting backdoors, attackers' tools, system misconfigurations, forensic artifacts or malicious activity)
  • developing rapid response playbooks
  • analyzing malware files
  • creating custom YARA and Sigma rules
  • performing threat hunting iterations based on feeds delivered by the CTI Team and research on recent campaigns, using EDR, APT Scanner and other security tools
  • developing and refining hypotheses to detect threats
  • providing detailed reports on threat hunting iterations against known hacker groups
  • defining threat remediation strategies for various customers in the ERGO Group
  • cooperating with technical teams such as the SOC, CTI and CSIRT

Our requirements

  • fluent in English
  • proven experience in the IT security area
  • hands-on experience with hardware/software tools used in incident response, computer forensics, network security assessments
  • understanding of Windows internals and Active Directory environments
  • knowledge of Linux environment and Linux forensic skills
  • general understanding of computer networking concepts and protocols
  • basic understanding of scripting languages
  • strong understanding of the Cyber Kill Chain, MITRE ATT&CK Framework, and modern threat actor TTPs
  • basic understanding of MS Defender EDR and MS Sentinel environments to use KQL queries for threat hunting purposes
  • ability to stay focused, keep calm and work under high stress
  • ability to communicate with technical and business stakeholders
  • willingness to work in a multinational and multicultural environment
  • strong teamwork culture with effective collaboration, cross-group partnership
  • being an innovator, creative, passionate, independent, and motivated to make a difference and help reduce cyber risk for ERGO Group

Optional

  • Bachelor's or Master's degree in IT, Business IT, Computer Science or similar education
  • certifications such as: Security+, CySA+, CEH or equivalent

What we offer

  • Let's be healthy – medical package, sports card, and numerous sports sections – these are some of the benefits that help our employees stay in good shape.

  • Let's be balanced – work-life balance is a key aspect of a healthy workplace. We offer our employees flexible working hours, a confidential employee assistance program, as well as the possibility of remote working. However, staying at home with our in-office gaming room and dog-friendly office in Warsaw won’t be easy.

  • Let's be smart – we organize numerous workshops and training courses. Thanks to hackathons and meetups, our specialists share their expertise with others. Additionally, we have a wide range of digital learning platforms and language courses.

  • Let's be responsible – each year, we participate in several CSR activities, during which, together with our colleagues, we do our best to create a better future.

  • Let's be fun – company-wide bike races and soccer matches, film marathons in our cinema room or other engaging team-building activities – we got it covered!

  • Let's be diverse – every team member is valued, regardless of gender, nationality, religious beliefs, disability, age, and sexual orientation or identity. Your qualifications, experience, and mindset are our greatest benefit!

Published: 15 days ago
Expires: in about 5 hours