IT Security Analyst

at  Brainlab

Company Description
Founded in Munich, Germany in 1989, Brainlab develops, manufactures and markets software-driven medical technology, enabling access to improved, more efficient, less-invasive patient treatments. Our key to success is our creative, talented and hard-working team, which consists of around 2400 dedicated and inspiring individuals in 25 locations worldwide. To succeed in reaching our targets, we are seeking committed colleagues who can stand behind our core values curious, authentic and useful.
Job Description
As an IT Security Analyst, you will be an integral part of our IT Security Team, responsible for investigating security incidents, preparing detailed reports, and presenting forensic evidence for incident management. This role demands strong analytical, investigative, and problem-solving skills with a meticulous approach to documentation, delivering comprehensive and actionable investigation reports. You will play a key role in assessing risk and providing timely evaluations for critical stakeholders.
Your responsibilities will involve extensive use of security tools, such as SIEM, XDR, EDR, case management, and threat intelligence technologies, to ensure the resilience and security of our systems.

QUALIFICATIONS

• Educational Background: Degree in Computer Science, Information Security, or a related field, or equivalent experience (2+ years in IT or cloud security).
• Technical Proficiency: Strong foundational knowledge in security best practices, with a preference for familiarity with ISO 27001, NIS2, HITRUST compliance frameworks.
• Analytical Skills: Demonstrated analytical and problem-solving abilities, with attention to detail and accuracy.
• Security Tools Experience: Proficiency in using security monitoring tools (SIEM, XDR, EDR, NDR) for incident response and threat detection.
• Knowledge in Security Testing: Basic understanding or experience with penetration testing processes.
• Communication: Ability to present technical findings effectively to both technical and non-technical stakeholders, with excellent verbal and written communication skills.
• Professional Development: A strong commitment to continuous learning, with a preference for certified training (e.g., CISSP, IT Security Expert).
• Language Skills: Advanced proficiency in both English and German.

• Incident Investigation and Response: Lead the investigation of security incidents in our environment, prioritizing responses based on severity and impact and collaborate with stakeholders to deliver well-structured forensic reports and risk assessments.
• Security Monitoring and Threat Analysis: Monitor and analyze trends and potential security threats in the landscape, using a variety of IT Security tools to maintain robust situational awareness.
• Controls Implementation and Maintenance: Design, implement, and maintain security controls across all systems and networks to adhere to best practices and regulatory requirements (ISO 27001, NIS2, HITRUST).
• Standards and Process Improvement: Work with team members to enhance existing security architectures, standards, and processes to ensure they meet regulatory requirements.
• Proactive Threat Detection: Utilize SIEM, XDR, EDR, and NDR stacks to monitor for suspicious activity and initiate proactive investigations and threat analysis.
• Security Operations Center (SOC) Contributions: Contribute to SOC operations, helping expand detections and optimize responses across all OSI layers.
• Incident Response Process Optimization: Lead the design and continual improvement of the IT Security incident response process, focusing on response effectiveness and process integration.
• Risk Assessment and Reporting: Conduct detailed risk assessments of security events and communicate insights and risk levels to internal and external stakeholders.
• Software Security Analysis: Analyze security events related to software usage, presenting insights and findings to stakeholders to inform our security posture.