About the Job
Hey! Nice to see you!
Let’s share our stories to get to know each other better… We are business and technology enthusiasts constantly hungry for new challenges and self-development, and nothing motivates us more than great software products and happy customers.
At Incubly, we believe that great people want to work with great people, so we set out to build a company that would attract great minds, a place where we could achieve everything without feeling that we are working, just having fun…
Our mission is to mainly support tech companies and startups (scaleups) in scaling up their teams quickly and with high quality and boosting their product development, testing, and deployment so that we can succeed together.
We are working with a fast-growing technology company committed to protecting its digital assets and maintaining a secure environment for its customers and employees. We seek a highly experienced and exceptionally skilled Lead Security Analyst to join our Security Operations team.
This is a critical role that will be instrumental in shaping the future of our security posture. We need an expert who can take the reins and elevate our detect and respond capabilities to the next level. This position demands a deep understanding of security principles, a proven track record of success, and the ability to lead in a fast-paced, dynamic environment. You will be responsible for designing, implementing, and managing security monitoring, threat intelligence, incident response, and vulnerability management processes. If you are a security leader with a passion for building world-class security programs and thrive on tackling complex challenges, we encourage you to apply.
Your daily responsibilities
Architect and Implement Detect and Respond Capabilities:
Develop a comprehensive and cutting-edge detect and respond program, encompassing people, processes, and technology.
Evaluate, select, and implement advanced security monitoring tools (SIEM, EDR, etc.) and ensure seamless integration with our existing infrastructure.
Establish proactive threat intelligence processes to identify and mitigate emerging threats, with a focus on advanced persistent threats (APTs).
Define and refine incident response playbooks and procedures, incorporating industry best practices and innovative approaches.
Conduct regular security assessments, vulnerability scans, and penetration testing to proactively identify weaknesses and vulnerabilities.
Lead complex incident response efforts, from triage and investigation to containment, eradication, and recovery, ensuring minimal business impact.
Perform thorough post-incident analysis to identify root causes and drive continuous improvement, leveraging advanced forensic techniques.
Expand Detect and Respond Capabilities Company-Wide:
Champion security awareness and best practices across the organization through comprehensive training programs and collaborative initiatives.
Provide expert guidance on security incident response and threat mitigation to different teams, fostering a security-first culture.
Partner with IT and engineering teams to integrate security controls into systems and applications throughout the software development lifecycle.
Continuously evaluate and improve the effectiveness of the detect and respond program, staying abreast of industry trends and emerging technologies.
Lead SecOps and Detect and Respond Capabilities:
Provide technical leadership and mentorship to security analysts, fostering their professional development and expertise.
Mentor and coach team members, providing guidance and support to help them grow their skills and knowledge in security operations and incident response.
Foster strong collaboration with internal teams, Managed Security Service Providers (MSSPs), and other stakeholders to ensure a unified security posture.
Communicate security risks and recommendations to senior management, influencing strategic decision-making.
We need you to have
Extensive Experience: 10+ years of proven experience in security operations, with a strong emphasis on detect and respond, preferably in a complex and dynamic environment.
Technical Expertise:
Expert-level understanding of security principles, best practices, and common security architectures.
In-depth knowledge of advanced attack vectors, threat actor TTPs, and cyber kill chain methodologies.
Hands-on experience with a wide range of security monitoring tools (SIEM, IDS/IPS, EDR, SOAR, etc.).
Strong understanding of networking concepts, protocols (TCP/IP, DNS, HTTP, etc.), and network security, including cloud networking.
Expertise in log analysis, interpretation, and correlation, utilizing advanced analytics and threat-hunting techniques.
Deep familiarity with cloud security concepts, tools, and best practices (AWS, Azure, GCP).
Leadership and Communication Skills:
Demonstrated ability to lead and mentor high-performing security teams, specifically in the areas of SecOps and detect and respond.
Excellent communication and interpersonal skills, with the ability to articulate complex technical concepts to both technical and non-technical audiences, including executive leadership.
Strong analytical and problem-solving abilities, with a proven track record of resolving complex security incidents.
Would be great if you have
Experience with CrowdStrike, Rapid7, Digital Shadows, and native cloud security tools is highly desired.
One or more relevant security certifications are highly preferred, such as:
○ CISSP / CISM / GCIA / GCIH
○ AWS Certified Security - Specialty
○ Certified Cloud Security Professional (CCSP)
Our Architecture and Technology Stack
Security Tools & Platforms
SIEM: Splunk, Microsoft Sentinel, IBM QRadar
EDR/XDR: CrowdStrike Falcon, Microsoft Defender, SentinelOne
IDS/IPS: Snort, Suricata, Palo Alto Threat Prevention
Cloud Security: AWS Security Hub, Azure Defender, Google Chronicle
Vulnerability Management: Rapid7 InsightVM, Nessus, Qualys
Threat Intelligence: Digital Shadows, MISP, Recorded Future
Key Protocols & Frameworks
Network Protocols: TCP/IP, DNS, HTTP, VPN, TLS/SSL
Security Frameworks: MITRE ATT&CK, Cyber Kill Chain, Zero Trust
Compliance: PCI DSS, ISO 27001, NIST CSF
Cloud Security & DevSecOps: CI/CD security integration, IaC (Terraform, Ansible)
Threat Hunting & Incident Response: YARA, Sigma, Velociraptor
Architecture Overview
Hybrid Security Model: On-prem & cloud security integration
Proactive Threat Detection: AI-driven analytics, threat intelligence automation
Security Operations Leadership: MSSP collaboration, SecOps strategy
Our offer
In addition to great company and challenging projects, we can offer much, much more:
Knowledge sharing within our company
Agile and friendly atmosphere, non-violent communication and full respect for diversity
Hybrid work model, with at least two days per week in our Łódź office.
Remuneration on a B2B contract: 1.200 - 1.500 PLN net/day, or 19.000 - 24.000 PLN gross on an Employment Agreement (UoP)
Possibility to engage not only technically, but also have an impact on the small company culture