L2 CSIRT Analyst

Job Description

Job Description:

The L2 Computer Security Incident Response Team (CSIRT) Analyst plays a crucial role in responding to and investigating cybersecurity incidents, including Data Loss Prevention (DLP). This role is essential for promptly addressing alerts, conducting detailed incident analysis, and escalating sensitive/critical cases to the L3 CSIRT Analyst.

Main Responsibilities:

• Manage cybersecurity investigations based on CyberSOC use cases and DLP detection systems;

• Analyze the effectiveness of existing DLP controls and propose technical, functional, and process improvements;

• Contribute to the development and optimization of CyberSOC use cases;

• Monitor DLP-related events, conduct investigations, and respond to data leakage incidents according to internal procedures (including interviews with key stakeholders such as HR, Procurement, DPO, etc.);

• Develop and improve data protection policies and rules across various systems and manage exceptions;

• Respond to and facilitate eDiscovery requests from the IT Security, HR, Legal, and Compliance teams;

• Maintain accurate and detailed records of incidents in the group’s GRC tool;

• Support cybersecurity governance by providing detailed reports and KPIs;

• Quickly escalate complex incidents to L3 CSIRT Analysts, ensuring all relevant data and preliminary findings are accurately communicated;

• Contribute to the industrialization and formalization of Cyber Defense processes, improving their effectiveness;

• Provide analysis and expertise on cybersecurity incidents, including root cause identification and preventive measures.

Qualifications

Technical Skills:

• Event and incident monitoring and response (identification, alerting, and containment);

• General cybersecurity knowledge (log analysis, endpoint security, e.g., EDR solutions);

• Scripting languages (Python);

• Protocol knowledge (HTTP, SMTP, etc.);

• Experience with SIEM (Security Information and Event Management);

• Experience with SOAR (Security Orchestration, Automation, and Response);

• Knowledge of DLP (Data Loss Prevention) solutions.

Language Skills:

• Fluency in English (both written and spoken) is mandatory.