L2 CSIRT Analyst

Alter Solutions
Full-time
On-site
Porto, Porto, Portugal

Job Description

The L2 Computer Security Incident Response Team (CSIRT) Analyst plays a crucial role in responding to and investigating cybersecurity incidents, including Data Loss Prevention (DLP). This role is essential for promptly addressing alerts, conducting detailed incident analysis, and escalating sensitive/critical cases to the L3 CSIRT Analyst.

Main Responsibilities:

  • Manage cybersecurity investigations based on CyberSOC use cases and DLP detection systems;

  • Analyze the effectiveness of existing DLP controls and propose technical, functional, and process improvements;

  • Contribute to the development and optimization of CyberSOC use cases;

  • Monitor DLP-related events, conduct investigations, and respond to data leakage incidents according to internal procedures (including interviews with key stakeholders such as HR, Procurement, DPO, etc.);

  • Develop and improve data protection policies and rules across various systems and manage exceptions;

  • Respond to and facilitate eDiscovery requests from the IT Security, HR, Legal, and Compliance teams;

  • Maintain accurate and detailed records of incidents in the group’s GRC tool;

  • Support cybersecurity governance by providing detailed reports and KPIs;

  • Quickly escalate complex incidents to L3 CSIRT Analysts, ensuring all relevant data and preliminary findings are accurately communicated;

  • Contribute to the industrialization and formalization of Cyber Defense processes, improving their effectiveness;

  • Provide analysis and expertise on cybersecurity incidents, including root cause identification and preventive measures.

Qualifications

Technical Skills:

  • Event and incident monitoring and response (identification, alerting, and containment);

  • General cybersecurity knowledge (log analysis, endpoint security, e.g., EDR solutions);

  • Scripting languages (Python);

  • Protocol knowledge (HTTP, SMTP, etc.);

  • Experience with SIEM (Security Information and Event Management);

  • Experience with SOAR (Security Orchestration, Automation, and Response);

  • Knowledge of DLP (Data Loss Prevention) solutions.

Language Skills:

  • Fluency in English (both written and spoken) is mandatory.