For over 80 years, GfK has been a reliable and trusted insight partner for the world’s biggest companies and leading brands who make a difference in every consumer’s life - and we will continue to build on this. We connect data, science and innovative digital research solutions to provide answers for key business questions around consumers, markets, brands and media. With our headquarters in Germany and a presence in around 60 countries worldwide, you benefit from our global company with a diverse community of ~9,000 employees.
Our people are the greatest asset we have, and we harness the full power of our workforce. As part of GfK, you can take your future into your own hands. We value talent, skills and responsibility and support your development within our international teams. We are proud of our heritage and our future: currently we are in the latter stages of a transformational journey from a traditional market research company to a trusted provider of prescriptive data analytics powered by innovative technology. This is only possible with extraordinary people, and this is why we are looking for YOU to help create our future. For our employees as well as for our clients we pursue one goal: Growth from Knowledge!
Mission of the role
The Senior Security Operations Analyst's primary role is to detect and analyze data centrally collected from sources such as Intrusion Detection Systems, Directory Services, proxies and anti-virus systems, and to manage the security incidents that may result. The Senior SOC Analyst also serves as the point of contact for end users and Technology staff who report suspicious events, and as the escalation point for the SOC analysts during initial investigations of security events of interest. After a potential security incident has been identified, the Senior Security Operations Analyst handles and supports the containment, analysis and remediation of incidents of medium and major severity.
Apart from reacting to potential security incidents, the Senior SOC Analyst actively hunts for threats in GfK's environment, using dedicated security solutions or advanced data analytics on the central security log management / SIEM solution. From what these hunts reveal, the Senior SOC Analyst builds advanced detection use cases on the SIEM platform: managing the ingestion of the required logs, creating correlation rules and alerting, and writing and training the standard operating procedures that SOC analysts and other relevant groups follow to react appropriately when these use cases fire.
As a Senior SOC Analyst you will have the following key accountabilities:
React to security alerts and security events of interest from Splunk, IDS, endpoint protection and other security related systems
Threat hunting in GfK’s environment
Advanced data analytics in Splunk
Perform event and incident analysis and management escalated by the SOC
Define advanced SOC use cases. Coordinate implementation and support with hands-on building of rulesets
Advise on mid-term countermeasures. Provide input to IT Security prevention, detection and reaction strategy
Escalation point of contact for security incident notifications from SOC Analysts, service desks, IT engineers and administrators
React to reported suspicious emails and phishing attacks
Manage security incidents – mid to major severity
Escalate major incidents to InfoSec management
Perform data analytics in Splunk, including the definition and creation of Splunk security use cases (detection rules)
Provide rotational on-call services during off hours and weekends.
Now that you know what a Senior SOC Analyst does, what skills, qualifications and experience do you need?
Demonstrated knowledge of industry security incident process frameworks such as SANS PICERL or NIST SP 800-61
Ability to think like a hacker
Able to manage security incidents by understanding common attack techniques, vectors and tools as well as defending against and/or responding to such attacks when they occur
Ability to detect malicious applications and network activity
Ability to perform hypothesis driven threat hunts
Knowledge of industry security frameworks including the CIS Critical Security Controls for Effective Cyber Defense, ISO 27001 and NIST SP 800-53
Operating, using and writing detection use cases for SIEM (Splunk Enterprise Security preferred)
Advanced working knowledge of security modules in Splunk or similar SIEM systems
Advanced working knowledge of security technologies including AV, endpoint protection, IDS, proxies, content filtering, application security, vulnerability management
Advanced technical understanding and knowledge of IT security best practice, common attack types and detection/prevention methods, including CIS Benchmarks, OWASP and NIST guidelines, etc.
Analytical thinking & problem-solving skills
Good communication skills on technical and general level
Poise and ability to act calmly and competently in high-pressure, high-stress situations
High level of personal integrity, as well as the ability to professionally handle confidential matters, and show an appropriate level of judgment and maturity
High degree of initiative, dependability and ability to work with little supervision
Minimum of 4 years of relevant SOC experience, with at least one year focused on security incident response
Experience of handling security incidents such as web application attacks, phishing, container and public cloud incidents, vendor supply-chain incidents, ransomware, emergency vulnerability management and account compromise
Enthusiastic about the security industry and driven to continue learning and developing new skills
Strong communication (both written and verbal in English) and facilitation skills (small and large groups), especially when interacting with different levels of business
A working knowledge of both the operations and digital technology environment
Working in a global enterprise environment
Strong experience in working on several projects simultaneously, ability to deliver projects on-time
Ability to travel, domestic or international, as required
One or more of the following certificates would be beneficial - GIAC certification/SANS training, GCIH, GCFA, GCFE, GNFA, GBFA, CCIM, GMON, GSEC
Join our team and benefit from the following advantages:
Exciting work environment that brings people together
Use of the latest digital technologies
Initial and ongoing trainings to support your development
Opportunities for personal and professional growth
Competitive remuneration and bonus scheme linked to individual performance and company results
Flexible working hours and home office
3 additional non-working days annually
Discount program with external vendors
Eco-friendly commuters are welcome at the office: bicycle parking and a free public transportation card are available to all employees
Last but not least, the GfK Sofia office is located close to the city centre and is easily accessible from any point by public transportation: 47A Tsarigradsko Shose Blvd
All documents will be treated in the strictest confidentiality.
Only short-listed candidates will be invited for an interview.
We are an ethical and honest company that is wholly committed to its clients and employees. We are proud to be an inclusive workplace for all and are committed to equal opportunity in employment which focuses on all of our employees reaching their full potential. At GfK we work collaboratively with our colleagues but offer a flexible working approach, including dividing our time between office & remote working as well as the opportunity to flex our working hours around team core hours.
We offer an exciting work environment that brings people together. We encourage an entrepreneurial and innovative spirit. We make use of the latest digital technologies. We are looking for self-starters, who accept challenges and create solutions.
Can there be a better place to take center stage in the digital revolution? We are excited to get to know you!