inDrive

SOC Engineer

at inDrive

2,500 – 3,200 $/month net

📍 Georgia, Kazakhstan; relocation assistance
Specialization: Information Security
Level: Middle
English: B1 — Intermediate

We are looking for a SOC Engineer to join the Infra Security team.

Stack

SIEM, Splunk, ArcSight ESM, IBM QRadar, Elastic Security, Antivirus, EDR, MDM, Linux

Responsibilities

  • Responding to SIEM alerts and participating in security incident investigations together with other members of the SOC team.
  • Reviewing, improving and creating SIEM detection rules to detect malicious activity in different parts of the infrastructure and corporate systems.
  • Reviewing, updating and creating response playbooks for SIEM alerts and information security incidents.
  • Developing Threat Intelligence and Threat Hunting technologies and processes: forming hypotheses about threats and attacks and verifying them against the available logs.
  • Researching new technologies and approaches and their applicability in the SOC, and participating in the implementation of such technologies.
  • Developing scanning and vulnerability management processes for the external and internal perimeters.

Qualifications

  • Experience working with at least one of the popular SIEM solutions (Splunk, ArcSight ESM, IBM QRadar, Elastic Security, etc.) as an engineer or analyst for 2 years or more.
  • Experience developing and improving SIEM correlation rules to detect malicious activity in different IT environments (not only adapting public rules such as Sigma).
  • Understanding of tactics, techniques, and procedures (in accordance with the MITRE ATT&CK matrix) used at different stages of hacker attacks (initial access, lateral movement, privilege escalation, persistence, etc.) and ability to.
  • Experience with security tools for Linux servers (such as system call audit tools and security/observability tools) and user workstations (such as Antivirus, EDR, MDM, etc.), experience developing detection rules for them, and the ability to properly analyse their events.
  • Experience participating in incident response processes and a good understanding of the various stages of response.
  • Basic reading and speaking English level (B1+).

What makes you a better fit

  • Experience developing SIEM detection rules for cloud environments (such as AWS or GCP) and Kubernetes-based infrastructure.
  • Good understanding of data normalization processes, knowledge of different data normalization schemas (such as ECS or CIM) and the ability to map the logs collected in the SIEM to such schemas.
  • Experience implementing Threat Intelligence and Threat Hunting processes and a good understanding of their details.
  • Experience with various tools for isolating an environment and collecting artefacts for subsequent analysis (forensics) during incident response (for Linux, macOS, or Windows).
  • Experience with SOAR-like workflows and systems for enrichment and automated response actions.
  • Intermediate or higher Python skills and experience developing automations of any kind.
  • Experience with GitHub Actions, GitLab CI or other CI/CD systems.
  • Professional certificates in practical information security in offensive and defensive areas (Offensive Security, SANS, practical EC-Council, INE, etc.).

Conditions

  • Stable salary, official employment.
  • Health insurance.
  • Hybrid work mode and flexible schedule.
  • Relocation package offered for candidates from other regions.
  • Access to professional counseling services including psychological, financial, and legal support.
  • Discount club membership.
  • Diverse internal training programs.
  • Partially or fully paid additional training courses.
  • All necessary work equipment.

Contact: Ева Леонова, IT Recruiter, inDrive

About inDrive

Industry: Product company
Size: 1001+

inDrive is an international technology platform for transportation and household services. It is among the top 2 mobile ride-hailing services in the world: more than 150 million installs, more than 2 billion rides, 700+ cities in 40+ countries.
