.At Galp, we believe that together we can make a difference in society by contributing to a more sustainable energy future. Changes starts with our people, where agility, continuous improvement, internal alignment and external focus are the values that define our organization where everyone, without exception, can reach their ultimate potential. We're counting on your energy SOC Analyst Mission Galp is seeking for an energetic and dynamic SOC Analyst to strengthen its Cyber Incident Management capability, responsible for monitoring, analyzing, and investigating security-relevant alerts. She/He will play a key role within the SOC/CSIRT Team, dedicated to safeguarding Galp's environment, including Critical Infrastructure and Services, against cyber threats.What you`ll do Analyze and investigate complex cyber related alerts escalated by L1; Support incident escalation to CSIRT (L3) and assess probable damages, identify damage control and remediation, and assist in developing courses of action; Ensure all investigative activity is properly documented in the SOAR platform; Develop new and maintain existing security monitoring use cases in the SIEM platform; Contribute to the creation and improvement of Response Playbooks; Continuously identify opportunities to improve security monitoring and coverage (Onboarding systems and log sources); Identify and share lessons learned with the purpose to improve incident management processes; Support L1 analysts byproviding guidance, specialized knowledge and context; Participate in regularpurple Team and Crisis Management exercises; Knowledge of general cyber incident response principles; Proficiency with SIEM and SOAR is preferred; Sound understanding ofcyber security principles and best practices; Good infrastructure and technology experience including demonstrable understanding of security operations; Security-relevant knowledge around Active Directory, Linux, Windows Server and Workstation OSs, and Could; Good knowledge of security issues inherent in common corporate environments; Knowledge of the MITREATT&CK Framework, Kill Chain, NIST and other security frameworks is valued; What you`ll need Knowledge of general cyber incident response principles; Proficiency with SIEM and SOAR is preferred; Sound understanding ofcyber security principles and best practices; Good infrastructure and technology experience including demonstrable understanding of security operations; Security-relevant knowledge around Active Directory, Linux, Windows Server and Workstation OSs, and Could; Good knowledge of security issues inherent in common corporate environments; Knowledge of the MITREATT&CK Framework, Kill Chain, NIST and other security frameworks is valued; Degree in computer science, information technology, or a related field is beneficial
