Consultant Development of a SOAR functionality at Digital Trans4ormation sro
Bonn, Nordrhein-Westfalen, Germany
Full Time


Start Date

Immediate

Expiry Date

21 Jan, 24

Salary

0.0

Posted On

23 Oct, 23

Experience

1 year(s) or above

Remote Job

No

Telecommute

No

Sponsor Visa

No

Skills

Knowledge Base, Kubernetes, Soar, Incident Response, Digital Forensics, Incident Handling

Industry

Information Technology/IT

Description

SERVICE DESCRIPTION:

For the information security platform to be built in the overall project, SOAR functionality will be built as one component. This comprises the following three components:

  • Security Orchestration and Automation (SOA)
    o Integration of solutions
    o Modelling and playback of workflows for automation
    o Management of playbooks

  • Security Incident Response Platform (SIRP)
    o Security Case and Incident Management
    o Definition of task steps
    o Knowledge base for security incidents

  • Threat Intelligence Platform (TIP)
    o Threat Intel aggregation, distribution and remediation of resulting threats
    o Enrichment of alerts
    o Visualization and structuring of Threat Intel

In order to provide this functionality, various technical components are required.

The decision on the products to be used is made by the client (AG). However, according to the current state of knowledge, none of the solutions discussed supports all the necessary functionality. The selected solution must therefore be further developed as the basis for subsequent work.

QUALIFICATION REQUIREMENTS:

  1. Language skills: German Level C1 and English Level B1 (Common European Framework of Reference for Languages, CEFR).
  2. Certification: Elastic or OpenSearch certification, e.g. “Elastic Certified Engineer”.
  3. Certification: DFIR (Digital Forensics and Incident Response) certification:
    a. eLearnSecurity Certified Digital Forensics Professional (eCDFP)
    b. GIAC Certified Forensic Analyst (GCFA) or GIAC Certified Forensic Analyst (GCFA)

EXPERIENCE REQUIREMENTS:

  1. Practical and project experience in IT security projects in the area of detection of and defence against cyber attacks (min. 5 years).
  2. Practical and project experience with at least 2 SIEM products in production (min. 2 products).
  3. Practical and project experience with at least one SOAR product in production (at least 1 product).
  4. Experience in creating detection mechanisms in SIEM environments (min. 2 projects or 2 years).
  5. Experience in creating work plans (so-called playbooks or runbooks) in a SOAR context (at least 2 projects or 2 years).
  6. Practical experience with Kubernetes (at least 1 project or 1 year).
  7. Experience in setting up a Digital Forensics and Incident Response (DFIR) environment including SOAR (at least 2 projects or 2 years).
  8. Practical experience in security incident handling and digital forensics (min. 2 projects or 2 years).

Responsibilities

TASKS:

  • PoT SOAR
    o The Contractor creates a prototype deployment of the solution selected in the project on the Kubernetes clusters of the project test environment.
    o The Contractor checks the technical quality and IT security of the selected solution.
    o The Contractor compares the actual functionality of the selected solution with the requirements and documents missing functionality. The configurability/extensibility of the solution is one aspect to be considered.
    o The Contractor develops missing functionalities and configuration specifications on the basis of the results of the requirements review.
    o The Contractor plans and carries out a demonstration of the solution at the customer’s premises.
    o The Contractor creates a concept for an external SOAR UI that can be used by different roles from different services.

Please submit your CV in English or German, along with copies of relevant certificates.