Analyst of information security incidents in Meest

27 January

Meest

Without experience
Lviv
Full-time work

Meest Group is an international group of companies that provides postal, logistics and e-commerce services in more than 30 countries. We are actively developing digital services and pay special attention to information security, data protection and stability of business processes.

In connection with the expansion of the Security Department, we are looking for an Information Security Incident Analyst to join the SOC team and participate in monitoring, analysis and response to information security events and incidents.

If you are interested in cyber security, want to develop in the SOC direction and work with real incidents, we invite you to join the Meest Group team!

Your main tasks:

  • Monitoring and primary processing of security events: monitoring the alert queue in rotation in the SIEM system and other protection tools (EDR, Firewall, Antivirus) in order to detect suspicious activity;
  • Incident classification and triage: primary analysis of triggers, separating false positives from real incidents and prioritizing them in accordance with internal regulations;
  • Response according to Playbooks: performing basic threat localization actions (blocking IP addresses, isolating workstations, etc.) and escalating complex cases to L2 analysts;
  • Collection and analysis of forensic data: participation in the collection of logs, email headers and file hashes, and checking suspicious files and links in sandbox environments;
  • Documentation and reporting: keeping a history of incidents in the ticketing system, describing the actions taken and participating in the preparation of regular reports on the state of information security.

We expect:

  • Experience in the field of cyber security is desirable (we are willing to consider students in their 4th year or above);
  • Education or training in the following areas: cyber security / information security / computer science / software engineering;
  • Understanding network technologies: OSI model and TCP/IP protocol stack; working principles of DNS, DHCP, HTTP/HTTPS, SMB, SSH;
  • Understanding the nature of cyber threats and attacks (difference between malicious software and legitimate administration tools; basic knowledge of Cyber Kill Chain or MITRE ATT&CK);
  • Skills for working with operating systems and system logs: Windows or Linux (CMD / PowerShell); understanding the structure of logs (Windows Event Logs, /var/log);
  • Theoretical understanding of the working principles of SIEM, EDR/AV and Firewall;
  • English language - Intermediate+ level (reading technical documentation).

Personal qualities:

  • Purposefulness and perseverance;
  • Desire to develop in the field of cyber security;
  • Initiative and responsibility;
  • Ability to work according to instructions and follow regulations.

We offer:

  • A job at Meest Group — a large international company with Ukrainian roots;
  • Professional development in SOC and practical experience in working with real incidents;
  • Team support, training and social guarantees;
  • Social mission: Meest Group supports the Ukrainian front, education, medicine and the development of the country.

Join the Meest Group team and develop in the field of information security.
