Security Analyst

Extelligence is an intelligent partner that goes the extra mile. We provide customized information management solutions for major industries. Our teams in Prague and Bucharest work with international companies, transforming and adding value to their business on a daily basis. We are growing quickly, and we are interested in bringing more talented individuals into our team.

Security Operations Specific activities:

When the volume of incoming incidents and alerts for triage permits, the team will be responsible for regular health checks on the security technical components that are directly related to their activity.

Those include but are not limited to:

  • Log ingestion stack (Splunk, Cribl)
    • Validating system alerts regarding log congestion or loss of logs.
    • Engaging the responsible SME team and gathering initial information for them.
  • Forwarding stack (Splunk, Cribl)
    • Notifying SME teams on the loss of a certain log type from one or more locations.
  • Correlation and detection stack (Splunk, Anvilogic, Tanium, Trend Micro XDR)
    • Identifying detections that have a low or zero return rate and need to be checked or fixed.
    • Notifying the SME team regarding important fluctuations in the alert trend by type.
  • Informing on any identified areas deviating from the hardening and logging baseline.
    • Example: while gathering information on a specific incident, you notice that the EDR/AV agent is missing, the Splunk UF agent is missing, logging or hardening is not configured correctly, etc.
  • Supporting and coordinating internal and external vulnerability remediation.
  • Contributing to improving and maintaining SOPs and WIs for the Vulnerability Management Process.
  • Improving vulnerability remediation compliance.

Responsibilities:

  • Helps determine logistical and demographic information to ascertain the extent and severity of damage or compromise.
  • Uses information provided by LoBs to determine specific additional response procedures and forensic requirements.
  • Provides domain knowledge, support, and Subject Matter Experts (SMEs) for assets and networks when GSO is leading an investigation.
  • Responsible for operational monitoring, investigating incidents up to the point of a suspicion of a malicious action/security incident.
  • Accesses systems to collect additional information as needed.
  • Partners on strategy and enables containment (IP/Domain/System/User blocking).
  • Responsible for the remediation of any findings regarding security incidents and vulnerabilities.
  • Responsible for initiation of backup, recovery, and continuity processes and procedures.
  • Ensures operational team members and other personnel are educated in how to report a cybersecurity incident and how to preserve evidence.
  • Reports all incidents with potential breach notification requirements.
  • Partners with GSO “Central Playbook Team” (CPT) to help develop detections*.
  • Ensures documentation for the LoB environment is complete and up to date. Items include, but are not limited to:
    • Inventory of critical systems.
    • Architecture and network connectivity.
    • Change management processes.
    • Contacts and 24/7 call tree information, provided to the GSO IR Team in preparation.
  • Business Information Security Officer (BISO) engagement.

Working with Extelligence:

  • We take care of the important things that matter to contractors; for example, we guarantee on-time payment for your work. You will never have to chase us for payment.
  • We always seek long-term relationships with our team and always seek to offer opportunities to extend cooperation beyond the first contract or project.
  • Extelligence is a multicultural team, with more than 15 different nationalities working with us.
  • We also organize events to bring our team together, including team-building activities and social events.

Job Type: Full Time Permanent
Job Location: Remote in EU
