Senior SOC Engineer

You will

• Develop, review and improve correlation rules for SIEM to detect malicious activity in different parts of infrastructure.
• Review and update response playbooks for SIEM alerts and information security incidents.
• Develop new microservices to automate SOC tasks and duties and improve existing ones in terms of stability, efficiency, and scalability.
• Analyze the current SOC activities, generate the automation proposals, develop the architecture of future solutions.
• Research the new technologies and their applicability in SOC, lead the implementation of such technologies.
• Respond to SIEM alerts and participate in security incidents investigations together with other members of the SOC team.

Qualifications

• Experience working with at least one of the popular SIEM solutions (Splunk, ArcSight ESM, QRadar, etc.) as an engineer or analyst.
• Experience in developing and optimizing SIEM correlation rules to detect malicious activity.
• Understanding of tactics, techniques, and procedures (in accordance with the MITER Attack matrix) used at different stages of hacker attacks (initial access, lateral movement, privilege escalation, persistence, etc.).
• Middle and higher Python level.
• Experience designing simple, scalable, and efficient microservices in Python or Golang.
• Ability to work with documentation (+ ability to quickly understand any library).
• Experience with GitHub or Gitlab.
• English at the level of reading technical documentation.

What makes you a better fit:

• Experience in developing detection rules for SIEM for Cloud (AWS/GCP) and Kubernetes infrastructure.
• Knowledge and experience with asynchrony mechanisms in Python (Asyncio, Aiohttp, FastAPI).
• Ability to build modular and extensible architecture, experience in using various architectural patterns.
• Experience with GitHub Actions, Gitlab CI or other CI/CD systems.
• Experience with Docker, writing Docker Compose files.
• Experience writing Helm Charts, deploying services in K8S via Helm.
• Professional certificates in practical information security in offensive and defensive areas.

Conditions

• Relocation to company offices in Cyprus or Kazakhstan.
• Modern MacBook Pro and other equipment necessary for work.
• Unlimited opportunities for professional and career growth, regular external and internal training from our partners.
• Personal growth programs in which we set goals and move towards them together.
• Opportunity to become part of an international team of professionals and just good people who together create one of the coolest success stories in the global IT industry.