📍 Georgia, Kazakhstan, relocation assistance
Specialization
Information Security
English
B1 — Intermediate
Stack
SIEM, Splunk, ArcSight ESM, IBM QRadar, Elastic Security, Antivirus, EDR, MDM, Linux
We are looking for a SOC Engineer to join the Infra Security team.
Responsibilities
- Responding to SIEM alerts and participating in security incident investigations together with other members of the SOC team.
- Reviewing, improving and creating detection rules for the SIEM to detect malicious activity in different parts of the infrastructure and corporate systems.
- Reviewing, updating and creating response playbooks for SIEM alerts and information security incidents.
- Developing Threat Intelligence and Threat Hunting technologies and processes, forming hypotheses about threats and attacks, and verifying them against the available logs.
- Researching new technologies and approaches and their applicability in the SOC, and participating in the implementation of such technologies.
- Developing scanning and vulnerability management processes for the external and internal perimeters.
Qualifications
- Experience working with at least one of the popular SIEM solutions (Splunk, ArcSight ESM, IBM QRadar, Elastic Security, etc.) as an engineer or analyst for 2 years or more.
- Experience in developing and improving SIEM correlation rules to detect malicious activity in different IT environments (not only adapting public rules such as Sigma).
- Understanding of tactics, techniques, and procedures (in accordance with the MITRE ATT&CK matrix) used at different stages of hacker attacks (initial access, lateral movement, privilege escalation, persistence, etc.) and ability to.
- Experience with security tools for Linux servers (such as system call audit tools and security/observability tools) and user workstations (such as Antivirus, EDR, MDM, etc.), experience in developing detection rules for them, and the ability to properly analyse the events they produce.
- Experience participating in incident response processes and a good understanding of the various stages of response.
- Basic reading and speaking English level (B1+).
What makes you a better fit
- Experience in developing SIEM detection rules for cloud environments (such as AWS or GCP) and Kubernetes-based infrastructure.
- Good understanding of data normalization processes, knowledge of different data normalization schemas (such as ECS or CIM), and the ability to adapt the logs collected in the SIEM to such schemas.
- Experience in implementing Threat Intelligence and Threat Hunting processes and a good understanding of their details.
- Experience with various tools for isolating an environment and collecting artefacts for subsequent analysis (forensics) during incident response (for Linux, macOS, or Windows).
- Experience with SOAR-like workflows and systems for enrichment and automated response actions.
- Middle or higher Python level, experience developing any kind of automation.
- Experience with GitHub Actions, GitLab CI or other CI/CD systems.
- Professional certificates in practical information security in offensive and defensive areas (Offensive Security, SANS, practical EC-Council, INE, etc.).
Conditions
- Stable salary, official employment.
- Health insurance.
- Hybrid work mode and flexible schedule.
- Relocation package offered for candidates from other regions.
- Access to professional counseling services including psychological, financial, and legal support.
- Discount club membership.
- Diverse internal training programs.
- Partially or fully paid additional training courses.
- All necessary work equipment.