Senior SOC Engineer
inDrive
Limassol, Cyprus
Posted on Monday, April 22, 2024
We are looking for a Senior SOC Engineer to join the Infra Security team.
Responsibilities
- Develop, review and improve correlation rules for SIEM to detect malicious activity in different parts of infrastructure
- Review and update response playbooks for SIEM alerts and information security incidents
- Develop new microservices to automate SOC tasks and duties and improve existing ones in terms of stability, efficiency and scalability
- Analyze the current SOC activities, generate the automation proposals, develop the architecture of future solutions
- Research the new technologies and their applicability in SOC, lead the implementation of such technologies
- Respond to SIEM alerts and participate in security incidents investigations together with other members of the SOC team
Qualifications
Who we are looking for:
- Experience working with at least one of the popular SIEM solutions (Splunk, ArcSight ESM, QRadar, etc.) as an engineer or analyst
- Experience in developing and optimizing SIEM correlation rules to detect malicious activity
- Understanding of the tactics, techniques and procedures (as mapped in the MITRE ATT&CK matrix) used at different stages of an attack (initial access, lateral movement, privilege escalation, persistence, etc.)
- Intermediate or higher level of Python
- Experience designing simple, scalable, and efficient microservices in Python or Golang
- Ability to work from documentation and quickly get up to speed with any library
- Experience with GitHub or GitLab
- English sufficient to read technical documentation
What makes you a better fit:
- Experience in developing detection rules for SIEM for Cloud (AWS/GCP) and Kubernetes infrastructure
- Knowledge of and experience with asynchronous mechanisms in Python (asyncio, aiohttp, FastAPI)
- Ability to build modular and extensible architecture, experience in using various architectural patterns
- Experience with GitHub Actions, GitLab CI or other CI/CD systems
- Experience with Docker, including writing Docker Compose files
- Experience writing Helm charts and deploying services to Kubernetes via Helm
- Professional certifications in practical information security, in both offensive and defensive areas
Skills Tags: Splunk, SIEM, Linux, Falco, Osquery, Auditd, Docker, Kubernetes, Helm, AWS, GCP, Python, Golang, Windows, Sysmon, Elastic, MITRE ATT&CK, macOS, GitHub, Ansible, Terraform
Conditions & Benefits
- Relocation to company offices in Cyprus;
- Modern MacBook Pro and other equipment necessary for work;
- Unlimited opportunities for professional and career growth, regular external and internal training from our partners;
- Personal growth programs in which we set goals and move towards them together;
- Become part of an international team of professionals and genuinely good people who together are building one of the coolest success stories in the global IT industry.