Senior Information Security Analyst (SOC L3)

  • Full-time

Company Description

Eurofins Scientific is an international life sciences company, which provides a unique range of analytical testing services to clients across multiple industries. The Group believes it is the world leader in food, environment, pharmaceutical and cosmetics products testing and in agroscience CRO services. It is also one of the global independent market leaders in certain testing and laboratory services for genomics, discovery pharmacology, forensics, CDMO, advanced material sciences and for supporting clinical studies. In addition, Eurofins is one of the leading global emerging players in specialty clinical diagnostic testing.

In 2018, Eurofins generated 4.2 billion Euro proforma turnover in 800 laboratories across 47 countries, employing about 45.000 staff.

Job Description

Eurofins is ramping up its Security Operations Center and needs to extend the L3 incident resolver team. The person working in the L3 SOC team receives incidents escalated from L2 SOC, manages the most complex findings and works towards remediation of the incidents found.

He/she continuously operates the Security Incident process, driving the resolution of identified issues, as part of the team, bringing the necessary experience and expertise above the existing L2 SOC level.

The role is regular working hours (6.30-14.30 and 9.30-17.30 depending on specific team schedule set) but has a required on-call component (covering out-of-work hours and weekends).

Specific Assignments:

  • Monitoring and analysis of cyber security events with use of QRadar (SIEM), IDS, Cylance, RedCloak, McAfee antivirus
  • Security Event Correlation as received from L2 SOC or Incident Response staff or relevant sources to determine increased risk to the business
  • Recognize potential, successful, and unsuccessful intrusion attempts/compromises through review and analysis of relevant event detail and summary information
  • Development and execution of SOC procedures
  • Triage security events and incidents, detect anomalies, and report/direct remediation actions.
  • Ensure confidentiality and protection of sensitive data
  • Analysis of phishing emails reported by internal end users
  • Working with remediation (IT Infra & Ops) teams on events and incident mitigation
  • Follow up on remediation activities
  • 8 hours daytime working schedule (6.30 - 14.30 or 9.30 - 17.30) with on-call duty outside the hours

Other Assignments:

  • Update Security Operations reporting
  • Support the SOC Manager in his duties (e.g. extension of SOC services to new sites)

EVOLUTION:

The position performs in a Senior Level Threat Researcher role. The Analyst will use advanced network and host based tools to proactively search through data sets to detect and respond to imminent and potential threats that evade traditional security solutions. This role could develop into a technical lead for elevated threat management and security solutions identified by or reported to the SOC. The Analyst will be responsible for developing and assisting in the development and advancement of automation and integration technologies. The candidate should be capable of clear communication to varying audiences across the organization, in addition to seeking and building consensus where needed to achieve a strengthened security posture.

Qualifications

Minimum of 3-5 years of professional experience as a SOC Analyst (L2 or L3), threat researcher or hunter, or a similar comparable role dealing with incident handling, alert tracking and cybersecurity case management.

Required

  • Willingness to work overtime and adjust to reasonable demands from management in case of critical incidents being escalated to L3 for immediate handling
  • Must have an understanding of cybersecurity incident discovery and event management, network forensics, IPS/IDS, firewalls, content filtering technology, DLP, configuration management and monitoring, endpoint protection, database security, and log collection and analysis
  • Strong working knowledge of security-relevant data, including network protocols, ports and common services, such as TCP/IP network protocols and application layer protocols (e.g. HTTP/S, DNS, FTP, SMTP, Active Directory etc.)
  • Experience and keen understanding of cybersecurity tools, including SIEM, IDS/IPS, antivirus and endpoint detection & response solutions.
  • Experience with leading security incident response
  • Involvement in threat intelligence and cybersecurity communities
  • Able to multitask and give equal and/or required attention to a variety of functions while under pressure
  • Ability to work independently and take ownership of projects and initiatives
  • Excellent written and verbal communication skills are required. Must be able to communicate technical details clearly
  • Experience in developing and maintaining Play/Run-Books and/or Standard Operating Procedures in a SOC environment
  • Strong troubleshooting, reasoning, and analytical problem-solving skills
  • Ability to communicate technical details effectively in writing and verbally to junior IT personnel and management
  • Team player with the ability to work autonomously