Position Overview
You'll take an active part in managing security alerts and incidents, threat hunting, threat intelligence, and purple team activities, as well as optimizing the SIEM service, visibility coverage, and other active threat-protection controls. In addition, you'll be actively engaged in implementing new and improving existing security controls to detect, prevent, and deter cyberattacks. You'll also have the opportunity to work with modern information security technologies, lead incident management processes, and work in a team of qualified InfoSec professionals.
Working Schedule in UTC -3:
1. Saturday: 2 PM - 2 AM
2. Sunday: 2 PM - 2 AM
3. Monday and Tuesday: Off
4. Wednesday: 12 PM - 6 PM
5. Thursday and Friday: 11 PM - 4 AM
Responsibilities
* Manage the full lifecycle of security incidents
* Improve incident management processes
* Investigate alerts generated by various security tools and monitor events from critical infrastructure components
* Automate the processes of alert investigation, processing, remediation, containment, recovery, and incident management
* Coordinate remediation activities and recovery operations during security incidents
* Optimize and improve SIEM alert logic, automation rules, playbooks, and processes
* Coordinate threat hunting procedures and implement/maintain threat intelligence processes
* Implement purple team activities from scratch
* Coordinate Layer 1 analysts
* Prepare consolidated reports for the SOC manager/team lead
* Maintain SOC documentation
* Handle other InfoSec tasks
Requirements
* Practical experience managing and supporting the IT infrastructure of medium and large organizations, including the management and implementation of network security and endpoint protection products
* Solid understanding of infrastructure management solutions
* Hands-on experience with cloud environments (MS Azure)
* Basic hands-on experience with cloud environments (AWS and GCP)
* Hands-on experience or a strong understanding of modern routing and switching networking concepts, with a solid understanding of the OSI model and underlying protocols (DNS, DHCP, SSL, HTTPS, FTP, email protocols, etc.)
* Practical experience with the following security solutions stack: IPS/IDS, EDR/XDR/HIDS, WAF, proxy, firewalls, SIEM, SOAR
* Proven experience with modern SIEM systems (managing data sources, onboarding and parsing raw logs, creating alert rules, maintaining solutions, troubleshooting systems, etc.)
* Understanding of penetration testing, vulnerability management, malware analysis, and reverse engineering techniques
* Fast learner
* Strong desire to develop in the field of information security
* Stress-resistant and creative
Nice to Have
* Experience in a SOC or similar 24x7 operations center environment
* Hands-on experience with the ELK stack and MS Sentinel is a huge plus
Benefits
* Health insurance: We help you to take out an insurance policy for you and your loved ones
* Sick pay: 10 days without a doctor's note; afterwards, as per the laws of your country
* Pleasant environment: Two large corporate parties and many small get-togethers for colleagues
* Comfort service: Solving technical and everyday problems at work
The benefits package may vary depending on the region and the type of contract.