SIEM Infrastructure and Automation Engineer
- Full-time
Company Description
Eurofins Scientific is an international life sciences company which provides a unique range of analytical testing services to clients across multiple industries. The Group believes it is the world leader in food, environment and pharmaceutical products testing and in agroscience CRO services. It is also one of the global independent market leaders in certain testing and laboratory services for genomics, discovery pharmacology, forensics, advanced material sciences and for supporting clinical studies. In addition, Eurofins is one of the key emerging players in specialty clinical diagnostic testing in Europe and the USA.
Group's key figures are approx. 5.4 billion Euros turnover, over 800 laboratories across 47 countries and about 50,000 staff.
Job Description
SUMMARY OF ROLE AND OBJECTIVES:
The SIEM Infrastructure and Automation Engineer is operationally responsible for the Eurofins SIEM and SOAR solution. Their focus is operating and improving the Eurofins SIEM and SOAR platform and ensuring its operational stability. They will also create and establish new use cases for the Eurofins Incident Response Team and improve operational turnaround times by creating and maintaining new operational automations. The Engineer will work closely with other teams to ensure that the SIEM and SOAR platforms perform to standard, with all necessary log sources configured and operational.
ROLE & OBJECTIVES:
Specific Assignments:
The main responsibilities of the SIEM Infrastructure and Automation Engineer are:
- Connect, configure and standardize new log sources onto the Eurofins SIEM solution;
- Ensure the operational stability and performance of the SIEM and SOAR platforms;
- Act as the subject matter expert for the Eurofins SIEM and SOAR solution;
- Work with other IT teams to continuously integrate further log sources with the SIEM;
- Decrease the operational workload of the Eurofins Security Department through continuous development of automations and tuning of existing rules and automations;
- Maintain the SIEM solution and document the environment;
- Develop and upgrade dashboards, channels, filters, rule-engine set-up and reports, and integrate correlation rules into the information security incident process;
- Monitor apparent security breaches detected by the SIEM across networks, applications, databases, systems and endpoints, and recommend improvements based on those events and incidents;
- Analyse, troubleshoot and remediate issues with the SIEM and SOAR solution.
Other Assignments:
- Create reports on the status of the SIEM, including metrics such as the number of log sources and the log collection rate;
- Incorporate change and patch management into the SIEM and SOAR systems;
- Provide support in managing SIEM components, IDS/IPS, log parsing/normalization, the rule engine, log storage, source devices, log collection and event monitoring.
Qualifications
QUALIFICATIONS AND EXPERIENCE REQUIRED:
Minimum of 3-5 years of professional consulting or enterprise experience as:
- SIEM Engineer;
- Cyber-security Analyst;
- Network Security Specialist.
Required
- Experience with end-to-end deployment of a SIEM solution in a greenfield environment;
- Experience with cyber intelligence / SIEM platforms (preferably QRadar; alternatively Darktrace, ArcSight, Splunk or similar);
- Solid experience debugging security operations center systems, applications and network problems;
- Ability to document processes and procedures;
- Knowledge of the MITRE ATT&CK and D3FEND frameworks and the adversary tactics they describe;
- Solid working knowledge of networking technology, firewalls, proxies, the OSI model, protocols and standards.
Appreciated
- Experience providing infrastructure support at enterprise level;
- Demonstrable strong knowledge of computer security concepts;
- Experience with information security devices (e.g. firewalls, intrusion detection/prevention systems);
- Project coordination or structured follow-up/action-tracking experience.
Personal profile
- Very good English communication skills (concise in writing and convincing when speaking);
- Very good interpersonal skills;
- Ability to work in a complex international environment;
- Eager to learn and to continuously develop personal and technical capabilities.
Education required:
- B.Sc. or M.Sc. in Information Technology or Information Security;
- Languages: fluent English.
Additional Information
Ability and/or Skills:
- Well-developed problem-solving skills;
- Ability to work independently with limited supervision and no more than general direction, while knowing when to consult a supervisor on major issues or problems;
- Demonstrated knowledge and skills in the designated areas;
- Ability to handle multiple priorities and to function in an environment of constant change;
- Strong organizational skills and attention to detail;
- Willingness to work overtime;
- Excellent interpersonal and communication skills;
- Ability to work under medium to high stress levels.