Join ABB and work in a team that is dedicated to creating a future where innovative digital technologies allow greater access to cleaner energy.
We are an international pioneering technology leader that is writing the future of industrial digitalization, with ABB’s employee base of more than 147,000 people. To support our continuous growth and ensure adequate protection of ABB information against evolving threats, we are expanding our global Information Systems (IS) Risk & Security organization. We secure tomorrow’s Internet of Things and Connected Objects world!
Are you a seasoned IT professional with experience in information security and risk, eager to grow in a fast-paced, diverse and ever-changing environment? Do you welcome complex problems and ambiguous situations as an opportunity to develop? Then seize this unique opportunity, get exposed to the latest trends and challenges in IS security by joining our team of experts delivering proven risk & security services for our business, customers and regulators.
Your responsibilities
- We are looking for candidates for the position of a SOC Engineer to support us with monitoring ABB environment, protecting ABB information assets and responding to potential threats.
- You will be part of ABB Security Operations Center (SOC) that reports functionally to Threat Detection & Engineering Service Manager.
- Your responsibilities:
- Support prototyping and continuous development/integration of tools to store, exchange, and analyze threat and incident data
- Maintaining an always up-to-date picture about ongoing security events, threats and potential attacks on ABB IS environment
- Developing and adjusting configuration of use cases, monitoring scenarios, detection patterns
- Designing and implementing dashboards and data visualizations for various security stakeholders
- Cooperation with IT team to adjust configuration of log sources (e.g. cooperation in adjusting log sources’ logging settings to limit number of data sent to SIEM)
- Supporting for continuous improvement of existing SOAR playbooks to address new threats and tactics employed by attackers
- Collecting requirements from other Security teams and build the SOAR playbooks accordingly
- Tuning the SOAR playbooks according to the requirements and feedbacks
Your background
- Your experience and skills:
- You have:
- Graduate level with Information Technology or Information Systems focus, with 3+ years of practical experience in Correlation rule development, Incident triage and/or Response
- Security Certification (CISSP, Security+, SANS SEC504/SEC511/FOR508, OSCP) is a plus
- Deep understanding of intrusion detection concepts and information security defense
- Experience in writing automation scripts (PowerShell, Python or other)
- Ability to quickly develop effective solutions to unique problems using a combination of existing tools and custom code/scripts
- Familiar with latest security vulnerabilities, advisories, incidents, penetration techniques, attack vectors, and countermeasures
- Proven ability to design, draft, and publish high-quality technical and business-level reports, studies, whitepapers
- Advanced SPL skills. Expertise in developing Splunk dashboards, data models, reports and applications
- Fluent English language skills (spoken and written)
- Experience in working in virtual, multicultural teams
- You are:
- Proactive and motivated by technical challenges, with a strong desire to deliver quality products on time