Do you have a burning passion for IT security? We are looking for Senior Security Analysts

Defendable deliver 24/7, 365 days a year security monitoring, incident response, security testing and cyber security consultancy services. We are currently around 80 employees, and are looking for new talent to join our team.

Defendable’s ambition is to be an end-to-end security partner for our customers, from the operational to strategic level. We believe one of the keys to achieving an ideal security posture is the ability to translate operational insights into strategic advisory and vice versa. We want to help our customers by supporting them with the people, processes and technology to help them defend against the myriad of threats on the digital landscape. Our ultimate goal is to help our customers be more defendable against cyber attack, and this is why our company is called what it is: Defendable.

Defendable are looking for:

We are recruiting in Oslo, Sørlandet and Bergen.

• Experienced security analysts who want to join a workforce of technically skilled peers and colleagues
• People with a doer mindset who would like to develop, build and innovate our capability and services in the following areas:

- incident response

- cyber threat intelligence

- intrusion analysis

- detection development and threat hunting

• People who are experienced in the art of resolving serious incidents, and have experience with all phases of incident response including identification, containment, mitigation and recovery

Senior Security Analyst

As a Senior Security Analyst in Defendable you will have the opportunity to work with technical analysis, threat analysis and incident response in our Security Operations Center, Cyber Threat Intelligence or Incident Response Teams. You will also offer advice and assist in the implementation of containment or mitigative measures to assist the affected customer to recover.

As a part of the Defendable’s Cyber Defence Centre, you will analyse attack campaigns against our Managed Detection and Response (MDR) customers, as well as have the opportunity to conduct threat hunting, utilize threat intelligence and/or develop tooling to increase effectiveness and efficiency for both proactive and reactive incident response services.

In addition, our Incident response team works closely with the advisory department in the planning and execution of crisis management and tabletop exercises.

Skills and experience

To apply, you should have some or most of the following:

• Good oral and written communication skills in English and preferably Norwegian
• Education at the Bachelor/Masters level, with minimum 5 years relevant work experience OR demonstrated competence through certifications, courses and additional work experience
• Experience with how to look for suspicious events without using prescriptive atomic indicators of compromise (IOCs)
• Experience writing reports that detail complex technical analysis and incident response cases
• One or multiple of the following certifications: GIAC Certified Incident Handler (GCIH), GIAC Certified Forensic Analyst (GCFA), GIAC Network Forensic Analyst (GNFA), GIAC Cyber Threat Intelligence (GCTI), GIAC Reverse Engineering Malware (GREM) or equivalent
• Knowledge of scripting or programming in Python or other relevant programming languages for the purposes of building bespoke programs to automate processes
• Enthusiasm for documentation, visualization and communicating ones findings and analysis in an effective and understandable manner for varying audiences
• Knowledge regarding various threat groups, their tactics, techniques and operational methods
• Knowledge and experience with analytical models such as ACH, the Diamond Model, Cyber Kill Chain, Pyramid of Pain, MITRE ATT&CK, the intelligence process etc.
• A good overarching understanding of the current threat landscape

You should also have competence and practical experience in multiple of the following areas:

• Log analysis of big datasets from both networks and systems, including firewalls, Windows Event Logs, access logs, audit logs) using SIEM tools such as Sentinel, Elastic, Splunk, or similar.
• Usage of Microsoft security suite, including Microsoft 365 Defender, Sentinel and related products
• Sysinternals for Unix/Linux and Windows
• Disk and memory analysis for Linux and Windows using tools such as Sleuthkit, FTK, Axiom, Volatility, Rekall or similar
• Dynamic analysis of malware using tools such as Cuckoo, CAPE, Joe’s sandbox or similar
• Reverse engineering of malware using tools such as IDA, xdbg, GHidra or similar
• Analysis of network traffic (pcap) using tcpdump, Wireshark or other tooling
• Familiarity with conducting live response using Carbon Black, Google Rapid Response, Microsoft Defender, Axiom Cyber or other agents
• Experience using tools such as UrlQuery, PassiveTotal, VirusTotal, DomainTools or similar to help triage, enrich or expand an investigation
• Experience in using tools such as Threat Intelligence Platforms and investigative tools such as Maltego to pivot and link findings produce additional threat intelligence or provide context to an intrusion
• Demonstrated skill in decision making and the formulation of mitigative actions to defend against emergent threats

Personal skills

As an employee in Defendable it is important that you demonstrate the following qualities:

• Integrity and a strong work ethic. We work on sensitive issues, and must be considered a trusted security partner by our customers
• Analytical and systematic. Our role demands that we are meticulous and that we work together with our customer gain the best possible insight into the challenges at hand
• Initiative, curiosity and creativity. In our work, our teams often encounter situations where creative problem solving is required.
• Being structured, and self driven. We are looking for employees that have the ability to structure, plan and organize their own work.
• Flexible and solutions-oriented. In this line of work, we are often faced with demanding, time critical situations. In some situations this may require travelling on-site, in order to manage the crisis in the best method possible
• Ability to cooperate. We work with a lot of different companies and organisations across various sectors. You must be able to work with both human and technical resources from a wide range of areas, with varying levels of expertise
• The ability to explain highly technical concepts in a non-technical way to a variety of audiences. You should be communicate well both in oral and written forms. We place a high value on the sharing of experiences and knowledge within the company

We offer

• An exciting position in a environment where technical competence is highly valued
• Challenging and interesting work, with an emphasis on continual learning
• The opportunity to work in a growing company, with ambitions to be the best in certain arenas
• A central role to build and influence development of our services
• Customers that matter and a position to make a difference
• Flexibility. Due to the nature of working with incidents, we require flexibility in this role. However we also offer a great deal of flexibility in return, with options to work remotely or to adjust working hours around the norm.
• A professional but social working environment, with colleagues that support and cheer for one another

Candidates should be able to get a Norwegian security clearance. Please note that we will potentially conduct background checks of candidates. Screening of applicants and interviews of candidates will begin from January 2023.