Job Description
As part of the Security Operation Center (SOC) at REWE Group Austria, you will be responsible for the continuous monitoring and analysis of data from our SOC toolset and platform. Together with the team, you'll analyse and investigate relevant events, alerts and information security incidents, and provide valuable insights to improve our security posture during post-incident analysis.
Key Responsibilities
Respond to security incidents according to the security incident response policy and procedures
Provide technical guidance to first responders for handling information security incidents
Provide timely and relevant updates to appropriate stakeholders and decision makers
Communicate investigation findings to relevant stakeholders to help improve the information security posture
Validate and maintain incident response plans and processes to address potential threats
Compile and analyse data for management reporting and metrics
Monitor relevant information sources (such as technology‑related news, Twitter, LinkedIn and information sharing and analysis centres) to stay up to date on current attacks and trends
Analyse potential impact of new threats and establish new use cases together with our security platform engineers
Perform or participate in root‑cause analysis to document findings, and participate in root‑cause elimination activities as required
Create runbooks for frequently occurring incidents to automate or at least assist with the resolution of those cases
Develop new use cases together with our security engineers to further improve our capabilities
Expand the reach of our existing tooling by onboarding new data sources and systems
Work in close partnership with our infrastructure teams, information security officer and colleagues from the REWE Digital SOC
Support an open feedback culture and a forward‑looking error culture (learning organization)
Identify potential security risks and forward them to the necessary authorities
Qualifications
At least 3+/5+/8+ years of relevant professional experience as a security analyst or similar role in a SOC
Successfully completed studies (computer science, information security, IT security, cybersecurity) or comparable on‑the‑job training
Certified Information Systems Security Professional (CISSP), Global Information Assurance Certification (GIAC) or other similar certifications would be a benefit
Experience solving problems and conflicts in complex corporate structures
Strong problem‑solving and troubleshooting skills
Ability to work extremely well under pressure while maintaining a professional image and approach
Ability to perform independent analysis of complex problems and distill relevant findings and root causes
Ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily understood, authoritative and actionable manner
Strong decision‑making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
Knowledge of frameworks and standards in the SOC environment such as the Cyber Kill Chain, MITRE ATT&CK or similar standards
Proven record in using SIEM solutions, XDR, EDR, NDR and PAM
Technical knowledge of products such as Splunk, SentinelOne, Proofpoint and CyberArk is an advantage
Technical expertise in network security, including VPN, firewall, web server security and Cloud
Specific OT and IoT knowledge is considered a plus
Knowledge of at least one scripting language (e.g. Perl, Python or PowerShell)
A precise, responsible mindset and reliability are among your strengths
Very good presentation and moderation skills
Entrepreneurial mindset and strong analytical and conceptual skills
Highly proficient in spoken and written English
Willingness to learn the local language
Benefits
Long‑term, interesting and varied work for a reliable employer in a supportive team
A family‑friendly company culture with flexible working hours and remote working options available
Staff shopping and travel discounts
Numerous training and further development opportunities within the Group (5% of working time for self‑organised training and education)
On‑site parking
A lunch allowance
A market‑compliant, attractive and performance‑related annual gross salary from EUR 60 000 with the willingness to overpay with appropriate experience and qualifications
We promote a diverse and inclusive work environment. Therefore, we welcome applications from people of different gender, age, cultural or social background, sexual identity and applications from people with disabilities. In addition, we would like to increase the proportion of women in technical professions and are particularly pleased to receive applications from women for this position.
Please upload your resume to give us insight into your work experience – anonymously if you like!