Let us introduce you the job offer by EY GDS Poland – a member of the global integrated service delivery center network by EY.

EY Technology

Technology has always been at the heart of what we do and deliver at EY. We need technology to keep an organization the size of ours working efficiently. We have over 300,000 people in more than 140 countries, all of whom rely on secure technology to be able to do their job every single day. Everything from the laptops we use, to the ability to work remotely on our mobile devices and connecting our people and our clients, to enabling hundreds of internal tools and external solutions delivered to our clients. Technology solutions are integrated in the client services we deliver and is key to us being more innovative as an organization.

EY Technology supports our technology needs through three business units:

Client Technology (CT) - focuses on developing new technology services for our clients. It enables EY to identify new technology-based opportunities faster and pursue those opportunities more rapidly.

Enterprise Technology (ET) – ET supports our Core Business Services functions and will deliver fit-for-purpose technology infrastructure at the cheapest possible cost for quality services. ET will also support our internal technology needs by focusing on a better user experience.

Information Security (Info Sec) - Info Sec prevents, detects, responds to, and mitigates cyber risk, protecting EY and client data, and our information management systems.

The opportunity

The Senior Threat Detection Engineer will be responsible for the management and enhancement of globally deployed SIEM and security sensor rulesets and configurations. This role will work closely with the Cyber Threat Intelligence team, Incident Response, and monitoring analysts to define and tune rules and device security policies to meet the mission requirements.

Skills and attributes for success

Essential Functions of the Job :

• Responsible for creating, tuning and enhancing security policies on SIEM, IDS, EDR, and full packet capture tools with a special focus on SIEM rules development
• Work with project teams to design, implement, and distribute monitoring policies
• Implement detection methodoligies across the MITRE ATT&CK framework
• Provide the Cyber Defense team guidance on Cyber threat detection best practices, technical requirements, and integration
• Develop and maintain expertise in a wide variety of technology platforms, threat vectors, and threat actors, and communicate it to technical and non-technical personnel
• Manage and improve information security documentation as required
• Work with other operational teams to resolve incidents and report on events
• Provide support during investigations and threat hunt missions when required

To qualify for the role you must have

• Demonstrated integrity in a professional environment
• Knowledge of standard change management procedures
• Excellent leadership and teaming skills with domestic and internationally located teams
• Excellent ability at building relationships with other organizational groups
• Promote a security-first mind set, ensuring decisions are made without compromising core security objectives
• Excellent verbal and written communication and presentation skills; high attention to detail      

Experience:

• 5+ years of relevant experience in threat intelligence, intrusion analysis, incident response, malware analysis, security operations or similar role
• Expert level exeprience researching, creating, and tuning SIEM rules in one or more products (Splunk, Logrhythm, Elastic)
• Basic proficiency managing and extracting data from common database standards
• Demonstrated understanding of the threat intelligence life cycle, network threats, attacks, attack vectors and methods of exploitation with an understanding of intrusion set tactics, techniques and procedures (TTPs)
• Demonstrated hands-on experience analyzing high volumes of logs, network data and other attack artifacts
• Basic understanding of IP networking technology, to include addressing, routing, common protocol usage, and network architecture
• Hands-on experience as an administrator configuring one or more of SIEM, Endpoint Protection Vulnerability Scanners, or Data Loss Prevention, sufficient to make common changes unassisted

Preferred:

• Proficient with one or more scripting languages such as PowerShell, Python, Bash, etc. in a threat intelligence or incident response environment
• Understanding of cloud security fundamentals (Azure, AWS, etc.)
• Experience creating and tuning IDS rules using common standards like Snort and Yara

Supervising Responsibilities:

• This role will not have direct supervisory responsibilities, but will be expected to mentor and coach less experienced analysts

Qualifications, certifications and Education requirements:

• Under Graduate/Post Graduate Degree in Computer Science or Engineering or related domain (MCA/MTech/BTech/BCA /BSc CS or BSc IT).

Desired Certifications:

• Candidates holding a CISSP, CISM, GIAC, or a Microsoft administrator certification is a plus

What we offer

EY Global Delivery Services (GDS) is a dynamic and truly global delivery network. We work across six locations – Argentina, China, India, the Philippines, Poland and the UK – and with teams from all EY service lines, geographies and sectors, playing a vital role in the delivery of the EY growth strategy. From accountants to coders to advisory consultants, we offer a wide variety of fulfilling career opportunities that span all business disciplines. In GDS, you will collaborate with EY teams on exciting projects and work with well-known brands from across the globe. We’ll introduce you to an ever-expanding ecosystem of people, learning, skills and insights that will stay with you throughout your career.

• Continuous learning: You’ll develop the mindset and skills to navigate whatever comes next.
• Success as defined by you: We’ll provide the tools and flexibility, so you can make a meaningful impact, your way.
• Transformative leadership: We’ll give you the insights, coaching and confidence to be the leader the world needs.
• Diverse and inclusive culture: You’ll be embraced for who you are and empowered to use your voice to help others find theirs.

About EY

EY | Building a better working world

EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.

Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.

Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

If you can demonstrate that you meet the criteria above, please contact us as soon as possible.

The exceptional EY experience. It’s yours to build.