Vacancy archived
The company is no longer hiring for this position.
Exness

Security Operations Center Analyst

at Exness

4 500 - 5 500 €/month net

📍 Limassol (Cyprus), relocation assistance
Specialization
Product Analyst
Level
Senior
English
B2 (Upper-Intermediate)
Required experience
5+ years

Stack

Go/Python/Bash/Powershell, Kubernetes, Azure/AWS/GCP, Sysmon, Auditbeat/OSquery, Elastic Stack/Splunk, Linux, Docker, Palo Alto

With over 2,100 employees of more than 100 nationalities, Exness is the place for global teamwork, incredible leadership, a learning culture, and constant development. Unlimited by time zones, Exnessians from around the world have worked seamlessly together since 2008 to provide our traders with the best possible trading experience. Today, we stand proud with over 650,000 active traders and 4+ trillion USD in monthly trading volume.

As a Security Operations Center Analyst, you'll help us achieve our “The safer, the better” motto by proactively detecting and responding to cyber threats. You'll work with various technologies to collect security data and investigate security incidents. You'll collaborate with our security teams to enhance our defenses and prevent future attacks. Join our growing team that actively uses modern threat detection tools and DevSecOps approaches for automation, contributing to our company's success.

Relocation to Cyprus is required!

You will

  • Analyze the infrastructure of the company and find useful event sources that may aid in threat detection.
  • Evaluate EDR solutions against adversaries' TTPs, find detection gaps, and tune configurations.
  • Emulate adversary TTPs and various threats to find detection ideas and useful telemetry.
  • Conduct detection engineering and threat research to write precise and balanced detection rules.
  • Conduct threat-hunting exercises using your curiosity and a hypothesis-driven approach.
  • Constantly tune detection rules to minimize the false-positive rate and maintain a high threat coverage rate.
  • Work closely with the infrastructure and application security teams to provide your feedback based on SOC-collected telemetry.
  • Leverage Threat Intelligence analysis to learn new detection ideas and improve your knowledge of the current threat landscape.
  • Conduct live incident response in order to define the scope, investigate, contain and remediate cyber threats.
  • Collect and analyze digital forensic artifacts.
  • Reverse engineer malware specimens to extract IOAs/IOCs to support triage and incident response procedures.
  • Generate detection ideas and design custom detection rules to mitigate various companies' business risks.
  • Counter our Red Team and conduct Purple teaming.
  • Share your knowledge and experience with junior SOC analysts and mentor them.
  • Conduct internal training and cyber defense exercises.

What makes you a great fit

  • 5+ years of experience in the information security field.
  • 3+ years of experience as a SOC Analyst.
  • 2+ years of incident response experience.
  • Proficiency in one of the following languages: Go/Python/Bash/Powershell.
  • Understand the principles of the modern endpoint protection solutions like EDRs, their capabilities, and their strong and weak sides.
  • Understand the main OS security mechanisms and internals: Windows/Linux/macOS (at least one).
  • Understand K8s and containerization technologies security mechanisms and internals.
  • Understand modern cloud platforms: Azure/AWS/GCP (at least one), their services, sources of events, collection options, possible attacks and detection approaches.
  • Understand the current Threat landscape and MITRE ATT&CK TTPs for various endpoint platforms.
  • Understand network security, the main protocols, attacks, detection approaches and solutions.
  • Ability to think like an adversary in order to predict its behavior and possible attack vectors.
  • Ability to react rapidly and quickly make decisions during incident response.
  • Hands-on experience with Sysmon, Auditbeat/OSquery, Cloud platforms, Elastic Stack/Splunk.
  • Hands-on experience with forensics and malware analysis.
  • Broad spectrum of tech knowledge in the following areas (at least part of the list): Linux, Docker, Kubernetes, Cisco ASA, Palo Alto, macOS, Microsoft Windows/Active Directory, SSO, Office 365/Google Workspace.
  • Ability to leverage business communication skills to inform, convince, and educate stakeholders, employees, and leadership to enable effective information security activities and processes.
  • Ability to solve complex tasks in cooperation with other security and business divisions.
  • Ability to work with high autonomy in compliance with deadlines.
  • Proficiency in English (Upper-Intermediate or higher).
  • A general acquaintance with regulatory frameworks and compliance requirements associated with financial services is a plus.
  • Industry certifications like OSCP, OSEP, OSMR, PACES, OSDA, eCPTX, GCFA are a big plus.
  • Purple teaming experience is a plus.
  • Work experience with modern offensive frameworks like CobaltStrike, BruteRatel, Nighthawk is a big plus.
  • Azure/AWS/GCP/K8s security or administration certifications are a big plus.

What we offer along the way

  • Competitive and attractive compensation.
  • Extensive learning opportunities, such as professional training and certifications, soft skill development, free English courses, and trading workshops.
  • Health and life insurance for employees, spouses, and children, including vaccinations, tests, mental health care, and coverage for vision and dental care.
  • Generous time off, including 21 days of annual leave and paid sick leave.
  • Flight tickets, hotel, or apartment accommodation for your first month, migration support, and legal help for you and your family.
  • Outstanding team-building experiences and Exness community gatherings.

Your journey after applying

  • First interview with your Recruiter (up to 45 minutes).
  • Short online English test (for non-native speakers).
  • Technical interview (1 hour).
  • Final interview (1 hour).
Кристина Азовцева, Talent Acquisition Specialist
Exness

About Exness

Industry
Banking / Fintech
Investments
Private financing
Size
1001+

Exness Group is a global multi-asset broker that was founded in 2008 with the mission to reshape the online trading industry. We aim to maximize our clients' potential when trading the markets by offering better-than-market conditions on currencies, crypto, stocks, indices, metals, and commodities.

Our fresh scientific and ethical approach has resonated with traders around the world, and the company has gone from strength to strength, with trading volumes hitting new monthly records in 2023 at $5 trillion from an active client base of 800,000. We think business and act human. Our growing community has more than 2,0100 employees in offices located in Asia and Europe.

Exness is the place for global teamwork, incredible leadership, a learning culture, and constant development. We are constantly expanding into new markets, and we're looking for a passionate team to help us grow. If you are looking for a new challenge and want to be a part of the future of online trading, please check out our open positions.
