Your contribution to TenneT
Can you contribute to keeping the digital side of TenneT secure? At our Security Operations Center (SOC) you will work as an analyst on Cyber Threats, Risks, and Incidents. Your goal is to ensure that your colleagues can continue to do their work securely and well.
Your daily operational work will consist of:
- Vulnerability & Threat Management
- Security Event Management
- Security Awareness Building
In addition to this operational work, you get excited about participating in further professionalizing the SOC. Our focus in the coming period will be on further developing playbooks, orchestration, and automation.
- has a "helicopter view": during complex incidents you can easily keep an overview of all context, what is going on, and what still needs to be done;
- has strong analytical skills: you know how to summarize and communicate the core of an incident;
- has a proactive attitude aimed at getting the operational work done, and excelling at our projects;
- is constantly on the lookout for possible improvements of tasks or ways to automate work;
- focuses on clear communication and good documentation.
The Team
You will be joining a close-knit and relatively small team. We have all entered the security field from different backgrounds and see this as our strength. Our main operational work is done in shifts as a First Responder. You will always have a Second Responder assigned to exchange views with, and as a back-up if the workload increases. Of course, when a critical incident arises, it's all-hands-on-deck for the entire team.
When you are not the First Responder you will be working with us on developing our capabilities. We work in Agile Sprints in line with the entire (~400-headed) department.
An important goal for us is to maintain a safe culture within the team. We aim to improve as a team by reflecting on our approach and conduct. We work hard to prevent gaffes, but if they do happen, they are a chance to learn and grow. You won't be shot down for them.
At the moment we mainly work and collaborate online, with one 'team day' per week at the office.
Security Events and Incidents
At the SOC we receive events, alerts, questions, and incidents through multiple channels. You triage and process these through the phases: Detect, Report, Assess, Decide, Respond, Learn & Improve.
In many cases we don't expect you to resolve a Security Incident by yourself, but it is up to you to coordinate the mitigation with other teams within TenneT. To achieve this, it is important that you are strong in communication (Dutch and English) and documentation.
In addition, you also like to be involved in the further development of our Orchestration & Automation. This will enable us to get through the Security Process, to the Respond phase, as effectively and successfully as possible.
Vulnerabilities, Threats, and Risks
We maintain insight into how to reduce the opportunities for cyber criminals by continuously scanning for vulnerabilities, assessing threats, and analyzing risks. You collect and enrich this information. You ensure prevention, mitigation, or remediation where feasible. Your end goal is to prevent Security Incidents as much as possible.
Security Awareness
We do not see our colleagues as the weakest link of Security, but rather as the toughest final defense against cyber threats. To aid them in this, you are continuously expanding their Security Awareness. If you notice a situation where Awareness won't suffice, you will advise on technical solutions to mitigate risks.
To achieve this, all SOC analysts need to train both their people skills and technical skills. What would you pick for your next yearly SANS course?
Your profile and background
You are a medior or senior SOC analyst. This means that you have several years of experience working in a SOC. You are comfortable with multiple core security tools, can work independently, and can train your colleagues to a higher level. Relevant security certifications make this easier to prove.
Next to the technical skills, it's also important to us how you approach your work. You don't mind getting your hands dirty with our operational work. During complex incidents you can easily keep an overview of all context, and apply your analytical skills to get to the core of the issue. You are able to clearly communicate with both technical and non-technical colleagues. You keep proper documentation of all events and communication.
In addition to this operational work, you get excited about participating in further professionalizing the SOC. You are constantly on the lookout for ways to automate our work. You take part in the projects on our roadmap and suggest possible improvements where appropriate.
This role is only for staff with an impeccable reputation. Screening will be very strict.
Standby duty will be part of the job.
Additional information
- Start date: ASAP
- The weekly working time is 32-36 hours
- The position is unlimited
- Job interviews for this position will be (partly) in English. Please send us your application documents in English as well.