Senior Lead, Security(T2 SOC Analyst)

Who We Are

At Kyndryl, we design, build, manage and modernize the mission-critical technology systems that the world depends on every day. So why work at Kyndryl? We are always moving forward - always pushing ourselves to go further in our efforts to build a more equitable, inclusive world for our employees, our customers and our communities.

The Role

• Work in 8X5 model, as part of Global SOC Team that operates in office time with possible on-call (8:00 - 17:00)
• Conduct preliminary incident triage according to the Security Incident Management Triage Matrix and set the priority, provide analysis, determine, track remediation, and escalate as appropriate.
• Utilize the intrusion detection, security scanning, security log collection, content filtering, and other security related systems to perform triage and investigation and incident response.

• Competitive salary and benefits: Private Life & Health Insurance, Voluntary Pension Fund contribution and monthly benefit allowance to SZÉP card.
• Internal rewards and recognition programs.
• Ongoing wellbeing initiatives (including mental health support), team outings and seasonal gifts.
• Commuting and relocation support for local, EU or overseas candidates and their spouses and children (provided certain conditions are met).
• Annual profit-sharing bonus subject to company performance.
• Personal and professional development both in-person and online (certified trainings, on-the-job coaching & mentoring, career progression support); we also nurture new talent and 'career changers' through our comprehensive education programs and exclusive accreditations.
• Flexible working opportunities (part-time and home office) for a better work-life balance.
• Annual 1-day paid leave for volunteering.
• An open, diverse, inclusive, and empathetic culture that supports learning and encourages collaboration over competition.
• As the proud owner of the Family Friendly Workplace certification, we provide great benefits for working parents with fair maternity and paternity leave policies such as additional bonding leave for dads and same-sex domestic partners at the birth or adoption of a child, accommodating working parents based on needs, organizing family events and many more.

• Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or other related fields, from an accredited university. Equivalent professional experience can be used in lieu of a degree.
• 2-5 years of security analyst experience, preferably in a managed services environment.
• Proven experience with operations using commonly used information security solutions (with main focus on MS Sentinel, MS Defender)
• Proven technology knowledge of Windows, Active Directory, Linux, SIEM Solutions, Antivirus software, Proxy.
• Experience in Cloud Security monitoring and in advanced analytics (UEBA)
• Knowledge of the most common and used frameworks (E.g., NIST CSF, ISO2700x, CMM SOC, etc.)
• Sound experience on programming languages: Python and/or R. and/or PowerShell, KQL
• Proven knowledge of current security threats, techniques, and landscape, and a dedicated and self-driven desire to research and learn more about the information security landscape.
• Review and triage experience with endpoint detection and response, SIEM tools
• Experience and knowledge related to the configuration and maintenance of security monitoring and reporting platforms, such as correlation engineering.
• Strong analytical skills, decision making, being able to work under time pressure, cooperating with other people and using the escalation processes when necessary.
• Experience in technical Team coordination/management would be a plus.
• English: Fluent (German would be a plus)
• Strong critical thinking and analytical skills and ability to think "out of the box" required.
• Must be able to work independently or with a team, under minimum supervision.

• MBA or master's degree
• CompTIA Security+, GIAC Security Essentials Certification (GSEC), SIEM & EDR Foundation certificates (Such as Microsoft Sentinel and Defender).
• Microsoft, Splunk, SANS.org security certifications related to SIEM, EDR products and operations (in example Microsoft AZ-500)
• A minimum of 2 years hands on experience with one or more of the following areas:
  • Operation and Implementation of SIEM and EDR solutions including:
    • QRadar or Splunk and Microsoft Sentinel, MS Defender.
  • Desing and Implementation of Monitoring strategy including:
    • Thorough knowledge on defining data sources monitoring based on clients' business
    • Knowledge on MITRE Frameworks (ATT&CK, D3FEND)
    • Familiar with Cyber Kill Chain
  • Desing and Implementation of Configuration Governance solutions including:
    • Knowledge on how to operationalize ongoing security configuration governance service using SOC standard methodologies, metrics, Operational Procedures.
• Familiarity with threat intelligence feeds and how to incorporate them into analysis.
• Knowledge of threat actor groups, tactics, techniques, and procedures (TTPs).