Head of Cyber Defense Center Incident Response Team

Prague, Hlavní město Praha, Czechia Global Business Services 33575 29. June, 2020
Apply
ABOUT THE ROLE:
Prepare and Rehearse
Lead preparation and planning efforts, within DHL IT Services organization, to respond to various security incident scenarios (internal and external). Plan, design, deploy and improve incident response ecosystem capabilities: people, processes and technologies to efficiently and effectively respond to real and potential scenarios. Rehearse to ensure continuous high readiness.  

Respond
Lead (plan, organize, coordinate) medium and major security Incident Response efforts across DPDHL organization, with help of: six “Incident Responders” under direct command, Cyber Defense Center teams, Incident Retainer services with 3rd parties, and other Cyber Security and IT organizations. 

Hunt
Orchestrate Cyber Threat hunt exercises. Manage portfolio of hunt hypothesis, their execution and end outcomes delivery. Develop adaptive capabilities to allow easy on-boarding and efficient execution of new threat hunt exercises to prepare organizational response to “zero-day” threats, campaigns and vulnerabilities.  

The Team / AsOne
Cyber Defense Center Incident Response Team is part of an adaptive, integrated and intelligence driven function which, in relation to cyber-attacks, provides range of predictive, prevention, detection and response services to DHL Group. CDC IRT works closely with CDC 24/7 Monitoring and Engineering, CDC RedTeam (CSIRT), and Security Engineering teams. 

What really matters!
Your KEY objective is to keep DHL IT operations running! by executing efficient and effective breach response capabilities, and minimization of impact on DPDHL Group from cyber incidents. Your MISSION is to: shorten time to detect a breach, shorten time to contain it, shorten time to remediate and recover from it. 

DPDHL group must always emerge stronger from every cyber threat response rehearsal, from every medium and major security incident, from every cyber threat hunt and readiness exercise.

YOUR WORK:
  •  Nurture teams’ passion to cyber security, team’s purpose to protect DHL environment, and develop continuous learning mindset!
  •  Train and develop “Incident Responders” and Cyber Defense Center 24/7 Monitoring team members, regularly provide empowering feedback – people are our most critical “asset”!
  •  Manage continuous improvement program (Roadmaps) for CDC Incident Response Team domains: Prepare, Rehearse, Respond and Hunt. 
  •  Lead preparation and planning efforts, within DHL IT Services organization, to respond to various security incident scenarios. Provide regular reports on the matter. 
  •  Research emerging Cyber Threats, prepare incident response plans, and “sharpen” people, process and technology.
  •  Lead (plan, organize, coordinate) medium and major security Incident Response efforts, end-to-end, across DPDHL organization. Provide regular reports on incidents response activities, next steps and lessons learned.
  •  Orchestrate digital forensics (multi-platform and network), data acquisition and data analytics in-depth (host and network level). 
  •  Orchestrate memory forensics, targeted memory capture ensuring data integrity and fidelity. 
  •  Orchestrate malware static and dynamic analysis, malware reversing. 
  •  Lead Cyber Threat hunt exercises. Manage portfolio of hunt hypothesis, their execution and end outcomes delivery. Provide regular reports on the matter, propose improvements and own these.
  •  Develop adaptive capabilities to allow easy on-boarding and efficient execution of new threat hunt exercises to prepare organizational response readiness to “zero-day” threats, campaigns and vulnerabilities.
  •  Lead Security Architecture reviews and assessments of security technology stack too continuously boost security incidents breach prevention and detection capabilities (SIEM, EPP, EDR, SEG, SEW, NGFW, NGIPS, AD/AAD, other).
  •  Coordinate creation of Indicators of Compromise (IOCs) in formats such as YARA, OpenIOC, and STIX.
  •  Support SIEM content development by proposing incident detection ideas and testing these.  

YOU SHOULD HAVE:
  •  Passion for information security, continuous learning mindset and problem solving attitude – be a role model for the team!
  •  Ability to cope with fast changing situations and to keep calm, and stay focused during major incidents – again, be the role model for the team!
  •  Proficient people leadership, people development and stakeholder influencing skills.  
  •  Proficient experience in Information Security Incident Response management practices (ISIRT/CSIRT) and in Crisis Management situations.  
  •  Proficient experience in leading security incident response activities throughout their lifecycle.
  •  Proficient experience in digital forensics (multi-platform, network, memory), data acquisition and data analytics in-depth (host and network level). 
  •  Proficient experience in cyber threats modeling, identification, and assessment techniques.
  •  Very good experience in cyber threat hunt and red / blue team exercises. 
  •  Very good understanding of Common Cyber Attack techniques and principles e.g. MITM, Cyber Kill Chain and MITRE ATTACK framework. 
  •  Very good understanding of Security Information and Event Management (SIEM) platforms. 
  •  Very good understanding of Threat Intelligence Platform (TIP) and Incident Response Platform (IRP) concepts. 
  •  Very good understanding of Intrusion Prevention Systems (IPS on host and network level) and Next Generation Firewall technology (NGFW).
  •  Very good understanding of EndPoint Protection Platform (EPP) and EndPoint Detection and Response (EDR) solutions. 
  •  Very good understanding of Information Security common body of knowledge (e.g. taxonomy used by ISC2, SANS, ISO270xx).
  •  Good understanding of programing language (e.g. Python, Shell, PowerShell, CSharp) and system administration concepts (to run forensic lab, malware lab, honeypots net, other).
  •  Very good reporting skills. 

NICE TO HAVE:
  •  Good understanding of Continuous Improvement framework.
  •  Understanding of Project Management (PM) and IT Infrastructure Library framework (ITIL). 
  •  Understanding of Identity and Access Management (IAM), Web Application Security (WAS) and Cloud Security concepts. 

WE OFFER:
  •  Ability to join one of the most agile and passionate Cyber Security teams in the Czech Republic! 
  •  Opportunity to join advanced cyber threats’ “hunt” / “seek & destroy” missions. 
  •  Great team of IT professionals - “Brothers in arms”; be warned that we have specific sense of humor and very direct communication style. 
  •  Modern offices in Chodov
  •  Home office possibilities
  •  Permanent contract
  •  Company Car, Pension plan contribution, Long-term Sickness Insurance
  •  CAFETERIA employee benefit program with wide selection of benefits from Edenred
  •  Extra week of holiday (25 days/year), 6 Self-sickness days/year, Full salary compensation for up to 10 days absence due to illness per calendar year, Lunch vouchers fully covered by company
  •  Multisport card, mobile and laptop, fruit days, sport clubs for employees, Referral program……

For more details do not hesitate to contact lukas.mandzikievic@dhl.com.

Facts and Figures

  • Working Hours

    40

  • Business Unit

    DHL Information Services (Europe) s.r.o.

  • Travel Required

    less 50%

  • Employment Type

    Permanent Full-Time

  • Shift Requirement

    None

Apply

I like working for DHL because it is the worldwide leader in logistics where customers and employees are always in focus.

Current Employee – Project Manager in Bonn