Mitarbeiter:innen bei REWE![]()
(Senior) Security Analyst (m/f/x) (female/male/diverse)
As the IT of the REWE Group Austria, we work together with our more than 700 employees to develop innovative IT products and services for all our corporate divisions in Austria and abroad, setting the tone for modern trade.
As part of our Security Operation Center you will be responsible for the continuous monitoring and analyzes of the provided data by our Toolset and Platform used by the SOC. Together with the team, you’ll analyze, investigate relevant events, alerts and information security incidents and provide valuable insights into improving our posture during post incident analysis.
Job description
- Respond to security incidents according to the security incident response policy and procedures
- Communicate investigation findings to relevant stakeholders to help improve the information security posture
- Monitor relevant information sources (such as specific technology related news, Twitter, LinkedIn and information sharing and analysis centers) to stay up to date on current attacks and trends
- Analyze potential impact of new threats and establish new use cases together with our security platform engineers
- Perform or participate in root-cause analysis to document findings, and participate in root-cause elimination activities as required
- Create runbooks for frequently occurring incidents to automate or at least assist with the resolution of those cases
- Assist in building, enhancing and expanding the SOC platform
- Help creating an internal SOC service offering
- Work in close partnership with our infrastructure teams, information security officer and colleagues from the REWE Digital SOC
- Support an open feedback culture and a forward-looking error culture (learning organization)
Qualifications
- At least 3+/5+/8+ years of relevant professional experience as a security analyst or similar role in a security operation center
- Successfully completed studies (computer science, information security, IT security, cybersecurity) or comparable hands-on training
- Certified Information Systems Security Professional (CISSP) and/or Global Information Assurance Certification (GIAC) would be a benefit and/or other similar certifications
- Knowledge of frameworks and standards in the SOC environment such as Cyber Kill Chain, MITRE or similar standards • Proven record in using SIEM, XDR, EDR, NDR and PAM solutions
- Technical knowledge of the products – Splunk, SentinelOne, Proofpoint, CyberArk is an advantage
- Technical expertise in network security, including VPN, firewall, web server security and Cloud and specific OT and IoT knowledge are considered a plus
- Understanding of Windows, Active Directory and Linux administration
- Knowledge of at least one scripting language (e. g. Python or PowerShell)
- Ability to work well under pressure while maintaining a professional image and approach
- Ability to communicate complex and technical issues to diverse audiences, verbally and in writing, in an easily understood, authoritative and actionable manner
- A precise, responsible mindset, reliability and strong analytical and conceptual skills
- Highly proficient in spoken and written English and willingness to learn the local language
Additional Information
- Long-term, interesting and varied work for a reliable employer in a supportive team
- A family-friendly company culture with flexible working hours and remote working options available
- Staff shopping and travel discounts
- Numerous training and further development opportunities within the Group (5% of working time for self-organized training and education)
- On-site parking
- A lunch allowance
- A market-compliant, attractive and performance-related annual gross salary from EUR 50,000 with the willingness to overpay with appropriate experience and qualifications