Who we are looking for: Experience working with at least one of the popular SIEM solutions (Splunk, ArcSight ESM, IBM QRadar, Elastic Security, etc.) as an engineer or analyst for 2 years and more.
Experience in developing and improving SIEM correlation rules to detect malicious activity for different IT environments (not only adapting public rules like Sigma).
Understanding of tactics, techniques and procedures (in accordance with the MITRE Attack matrix) used at different stages of hacker attacks (initial access, lateral movement, privilege escalation, persistence, etc.) and ability to.
Experience with security tools for Linux servers (like system calls audit tools, security/observability tools) and user workstations (like Antivirus, EDR, MDM, etc.), experience in developing detection rules for them and the ability to properly analyze the events.
Experience in participating in incident response processes, good understanding of the various stages of response.
Basic reading and speaking English level (B1+)
What makes you a better fit: Experience in developing detection rules with SIEM for cloud environments (like AWS or GCP) and Kubernetes-based infrastructure.
Good understanding of data normalization processes, knowledge of different data normalization schemes (like ECS or CIM) and the ability to adapt the logs collected in SIEM to such schemes.
Experience in implementation of Threat Intelligence and Threat Hunting processes and a good understanding of the details in them.
Experience with various tools for isolating an environment and collecting artifacts for subsequent analysis (forensics) for incident response (for Linux, macOS or Windows).
Experience with SOAR-like workflows and systems for enrichments and automated response actions.
Middle or higher Python level, experience in development of any automations.
Experience with GitHub Actions, GitLab CI or other CI/CD systems.
Professional certificates in practical information security in offensive and defensive areas (Offensive Security, SANS, practical EC Council, INE, etc.)
Qualifications
Responsibilities – Responding to SIEM alerts and participation in security incidents investigations with other members of the SOC team.
Reviewing, improving and creation of detection rules for SIEM to detect malicious activity in different parts of infrastructure and corporate systems.
Reviewing, updating and creation of response playbooks for the SIEM alerts and information security incidents.
Development of Threat Intelligence and Threat Hunting technologies and processes, formation of hypotheses on threats and attacks, their verification based on available logs.
Researching of new technologies and approaches and their applicability in SOC, participation in the implementation process of such technologies.
Development of scanning and vulnerability management processes for external and internal perimeters.
Conditions & Benefits
Stable salary, official employment.
Health insurance.
Hybrid work mode and flexible schedule.
Relocation package offered for candidates from other regions.
Access to professional counseling services including psychological, financial, and legal support.
Discount club membership.
Diverse internal training programs.
Partially or fully paid additional training courses.