.Position Title: Associate Cybersecurity Operations Officer (Incident Response)Position Type: Temporary - 12 monthsNumber of Positions: 1Date of Issue: 06/09/2024Date of Closing: 25/09/2024Grade: P2Duty Station: Brindisi, (Italy); Valencia, (Spain);New York, (USA)Organizational Location/Unit: Cybersecurity Operations Unit (CSO)Position DescriptionPurpose of the Position: Provide frontline support to UNICC Partners in the area of information/cyber security, risk management consulting, and security operations activities.Objectives of the Programme: The objective of the Centre is to provide trusted ICT services and digital business solutions to its Clients and Partner Organizations.Main duties and responsibilities:Under guidance, develop and build Automation scripts to perform Threat Hunting and Cyber Threat Intelligence (CTI) enrichment.Enhance Cyber Threat Intelligence following Security Incidents to continuously improve our defenses.Collaborate with relevant team members to perform threat and anomaly detection, analytics, and digital Forensics investigations.Investigate cybersecurity events escalated from Level I & II Analysts and Clients, providing analysis and recommendations.Under guidance of the Cybersecurity Operations Officer, develop and refine SIEM use cases and response processes/procedures.Align SIEM/SOC use cases with business requirements using a risk-based approach to ensure optimal security posture.Conduct forensic analysis of events, images, packets, and other digital evidence to uncover root causes and identify mitigation strategies.Act on and monitor security incident response and remediation efforts, ensuring effective resolution.Perform malware reverse engineering to identify and mitigate threats proactively.Provide ad hoc support either within the Unit or other units as required — this includes participation in special projects or support to service delivery for a short period of time on a part-time or full-time basis upon request from senior management.Recruitment ProfileExperience and Skills required:A minimum of two (2) years of relevant experience in Information Technology, including in conducting or coordinating cybersecurity incident response activities.Proven experience in reviewing raw log files, data correlation, and analysis (i.E. firewall, network flow, IDS, system logs).Demonstrated experience in scripting languages such as Python, PowerShell, or Bash for automation purposes.Strong knowledge of AWS and/or Active Directory.Knowledge of static and dynamic code analysis on x86.Education:First university degree in Computer Science or related field.At least one of the following technical certifications: GCFE, OSCP, GCIH, GCIA, GPEN, or other GIAC/similar certifications.Advanced university degree in Management Information Systems, Computer Science, Computer Engineering, or similar.Languages:English: Expert knowledge is required.Spanish, Russian, or Arabic: Beginner knowledge is desirable
