Security operations center engineer

Are you passionate about cybersecurity and would like to protect Volvo Group from digital threats and support us in our digital journey?

Background
The Volvo Group SOC is defending Volvo Group from cyberattacks and we are now hiring to support in our continued digital journey. Working in the SOC means that you will take on activities such as threat hunting in our SIEM and related systems, incident response or data science to mention a few. It also means managing cybersecurity incidents, enhancing our monitoring, detection and response capabilities. As a part of this team, you will be able to work within different areas where your competence or desire to develop best fits. The key to our success is daring to challenge our current ways of working and having fun while doing it. We are a great team with high ambitions to increase the SOC capability in the coming years with new tools and services which means great opportunities for you to learn and to develop in our team.

Who are you
We believe that you knows how an adversary could break into a company network and you are eager to find the weaknesses in our environment before the adversary does. You like to work in a team and can drive things to completion, which means that being proactive and willing to take ownership is something you enjoy. It is important that you like to interact with people and that you have good communication skills. You work in a professional way with focus on quality and can with support from the team: plan, schedule and monitor your own work. You could also have been working as a security engineer for some years and now want to take the next step.

What you will do

• respond to incidents that require investigation and remediation, as well as coordination of the incident

• perform work to prevent attacker objectives, including validation of use cases and functions leveraging event data, SIEM log analysis, and network data analysis tools

• monitor the environment and other internal tools for anomalous behavior to respond to potential threats to the organization

• support in the IT-security incident management process and development of the same

• support in developing the incident response strategy, including identifying visibility and detection gaps and developing use cases and response processes to close these gaps

• participate in post incident review to guide improvements and adjustments to cybersecurity response processes and strategies

Qualifications

• Minimum 2- 4 years as a SOC analyst or security engineer using different SIEM solutions

• Experience in performing incident response in cloud environments

• Common knowledge of critical security controls or frameworks as; authentication, encryption, IDS, WAFs, firewalls, HIPS, EDR, EPP, NIST

• Good understanding of system log information and what it means, where to collect specific data/attributes as necessitated per Incident Event (host, network, cloud, etc)

• An understanding of the MITRE ATT&CK Framework and Cyber Kill Chain methodologies

• Ability to effectively communicate with technical and non-technical resources

• Self-directed, works with minimal guidance, and recognizes when guidance needed

We are looking for both junior and senior colleagues so please apply if you think this is interesting. Looking forward to you application.

If you have any questions, don’t hesitate to get in touch!
Andreas Crusell, andreas.crusell@volvo.com

All applications will be reviewed from the 17th August, due to the Swedish summer vacation period. Please do not expect any communication earlier than this. We look forward to receiving your application!

Kindly note that due to GDPR, we will not accept applications via mail. Please use our career site.

Union representatives Göteborg

Akademikerna – Therese Koggdal, +46 470 387855
Unionen – Johan Svedberg, +46 31 3222712
Ledarna – Ulrika Holmberg, +46 73 9025071