Job Title: Security Analyst in the REWE Group Austria's Security Operation Center
We are looking for a highly skilled and experienced Security Analyst to join our team at the REWE Group Austria's Security Operation Center. As part of our team, you will be responsible for the continuous monitoring and analysis of data from the toolset and platform used by the SOC.
You will analyze and investigate relevant events, alerts, and information security incidents, and provide valuable insights for improving our security posture during post-incident analysis.
Key Responsibilities:
* Respond to security incidents according to the security incident response policy and procedures
* Provide technical guidance to first responders for handling information security incidents
* Communicate investigation findings to relevant stakeholders to help improve the information security posture
* Validate and maintain incident response plans and processes to address potential threats
* Compile and analyze data for management reporting and metrics
* Monitor relevant information sources to stay up-to-date on current attacks and trends
* Analyze potential impact of new threats and establish new use cases together with our security platform engineers
* Participate in root-cause analysis to document findings, and participate in root-cause elimination activities as required
* Create runbooks for frequently occurring incidents to automate or assist with resolution
* Collaborate with security engineers to develop new use cases to further improve capabilities
* Expand existing tooling by onboarding new data sources and systems
* Work closely with infrastructure teams, information security officer, and colleagues from the REWE Digital SOC
* Suggest security improvements and identify potential security risks
About You:
* Minimum 3 years of experience as a security analyst or in a similar role in a security operation center
* Relevant studies (computer science, information security, IT security, cybersecurity) or comparable hands-on training
* Certifications (CISSP, GIAC, etc.) are a plus
* Problem-solving skills and ability to work under pressure
* Strong communication skills to convey complex ideas to diverse audiences
* Decision-making capabilities with an entrepreneurial mindset
* Knowledge of frameworks and standards in the SOC environment (Cyber Kill Chain, MITRE, etc.)
* Experience with SIEM solutions and other security tools (Splunk, SentinelOne, Proofpoint, CyberArk)
* Technical expertise in network security, including VPN, firewall, web server security, and Cloud
* Scripting language knowledge (e.g., Perl, Python, PowerShell)
What We Offer:
* A long-term, interesting job in a supportive team
* A family-friendly company culture with flexible working hours and remote working options available
* Staff shopping and travel discounts
* Numerous training and development opportunities within the group
* A market-compliant annual gross salary from EUR 50,000, depending on experience and qualifications