Cyber Security Specialist

Job Description
The LEGO Group is a leading manufacturing company committed to ensuring the highest standards of cybersecurity. We are seeking a skilled and experienced Tier 2 Security Operations Center (SOC) Analyst to join our dynamic team. As a key player in our security operations, you will be responsible for advanced threat detection, incident analysis, and response to ensure the resilience of our information systems.

Location can be based either in Billund Campus or Copenhagen Digital Hub.

Please note there is no relocation budget for this position.

Job Overview:
The Tier 2 SOC Analyst at the LEGO group will be a crucial part of our security team, focusing on monitoring, analyzing, and responding to security incidents escalated from the Tier 1. This role requires a deep understanding of cybersecurity principles, incident response, and the ability to work collaboratively with the Tier 1 SOC team and other cybersecurity professionals.

Key Responsibilities:

Incident Analysis and Response:

• Conduct in-depth analysis of security events escalated from Tier 1 SOC analysts.
• Investigate and respond to security incidents, identifying the root cause, and implementing remediation actions.

Threat Detection and Mitigation:

• Utilize advanced security tools and technologies to detect and mitigate sophisticated cyber threats.
• Collaborate with the Tier 1 SOC team to enhance detection capabilities and contribute to the development of security playbooks.

Security Tool Management:

• Monitor and manage security information and event management (SIEM) tools, intrusion detection/prevention systems, and other security technologies.
• Ensure the proper tuning and configuration of security tools for optimal performance.

Collaboration and Knowledge Sharing:

• Work closely with cross-functional teams, including incident response, threat intelligence, and IT teams, to coordinate and execute response efforts.
• Share knowledge and mentor Tier 1 SOC analysts to enhance overall team capabilities.

Reporting and Documentation:

• Prepare detailed reports on incident analysis, response activities, and recommendations for continuous improvement.
• Maintain accurate and up-to-date documentation of incident response procedures and actions taken.

Technology experience:

• MS Security tools; Defender for Endpoints, Sentinel
  
• KQL use
• O365, Azure AD, Confluence

Qualifications:

• Bachelor’s degree in computer science, Information Security, or a related field. Relevant certifications such as CompTIA Security+, CISSP, or GIAC is highly desirable.
• Minimum of 3 years of experience in a SOC environment, with a focus on incident analysis and response.
• Proficient in using SIEM tools, IDS/IPS, and other security technologies.
• Strong understanding of cybersecurity principles, threat landscape, and attack vectors.
• Excellent analytical and critical thinking skills.
• Effective communication skills and the ability to work collaboratively in a team environment.

Nice to have:

• Experience with cloud security tools from vendors like AWS (Cloudtrail, GuardDuty)
• Building detection rules and use cases in tools like MS Defender and MS Sentinel
• SANS 504, 508
• Familiarity with Elastic, Elastic SIEM

#LI-BL1

Applications are reviewed on an ongoing basis. however, please note we do amend or withdraw our jobs and reserve the right to do so at any time, including prior to any advertised closing date. So, if you're interested in this role we encourage you to apply as soon as possible.

What’s in it for you?

Here is what you can expect:

Family Care Leave - We offer enhanced paid leave options for those important times.

Insurances – All colleagues are covered by our life and disability insurance which provides protection and peace of mind.

Wellbeing - We want our people to feel well and thrive. We offer resources and benefits to nurture physical and mental wellbeing along with opportunities to build community and inspire creativity.

Colleague Discount – We know you'll love to build, so from day 1 you will qualify for our generous colleague discount.

Bonus - We do our best work to succeed together. When goals are reached and if eligible, you'll be rewarded through our bonus scheme.

Workplace - When you join the team you'll be assigned a primary workplace location i.e. one of our Offices, stores or factories. Our hybrid work policy means an average of 3 days per week in the office. The hiring team will discuss the policy and role eligibility with you during the recruitment process.

Children are our role models. Their curiosity, creativity and imagination inspire everything we do. We strive to create a diverse, dynamic and inclusive culture of play at the LEGO Group, where everyone feels safe, valued and they belong.

The LEGO Group is highly committed to equal employment opportunity and equal pay and seeks to encourage applicants from all backgrounds (eg. sex, gender identity or expression, race/ethnicity, national origin, sexual orientation, disability, age and religion) to apply for roles in our team.

Research shows that women and people from different minority backgrounds often only apply for a job if they meet 100% of the listed qualifications. If you dream of being a part of our team and you meet many, but not all of our listed qualifications for this role, please apply.

The LEGO Group is fully committed to Children’s Rights and Child Wellbeing across the globe. Candidates offered positions with high engagement with children are required to take part in Child Safeguarding Background Screening, as a condition of the offer.

Thank you for sharing our global commitment to Children’s Rights.

Just imagine building your dream career.

Then make it real.

Join the LEGO® team today.

• Location
  • Billund, Denmark
  • Copenhagen, Denmark
• Job ID:
  0000014233
• Category
  IT, Telecom & Internet