Senior SOC Engineer

• Develop, review and improve correlation rules for SIEM to detect malicious activity in different parts of infrastructure
• Review and update response playbooks for SIEM alerts and information security incidents
• Develop new microservices to automate SOC tasks and duties and improve existing ones in terms of stability, efficiency and scalability
• Analyze the current SOC activities, generate the automation proposals, develop the architecture of future solutions
• Research the new technologies and their applicability in SOC, lead the implementation of such technologies
• Respond to SIEM alerts and participate in security incidents investigations together with other members of the SOC team

Who we are looking for:

• Experience working with at least one of the popular SIEM solutions (Splunk, ArcSight ESM, QRadar, etc.) as an engineer or analyst
• Experience in developing and optimizing SIEM correlation rules to detect malicious activity
• Understanding of tactics, techniques and procedures (in accordance with the MITER Attack matrix) used at different stages of hacker attacks (initial access, lateral movement, privilege escalation, persistence, etc)
• Middle and higher Python level
• Experience designing simple, scalable, and efficient microservices in Python or Golang
• Ability to work with documentation (+ ability to quickly understand any library)
• Experience with Github or Gitlab
• English at the level of reading technical documentation

What makes you a better fit:

• Experience in developing detection rules for SIEM for Cloud (AWS/GCP) and Kubernetes infrastructure
• Knowledge and experience with asynchrony mechanisms in Python (asyncio, aiohttp, FastApi)
• Ability to build modular and extensible architecture, experience in using various architectural patterns
• Experience with Github Actions, Gitlab CI or other CI/CD systems
• Experience with Docker, writing Docker-compose files
• Experience writing Helm Charts, deploying services in K8S via Helm

• Professional certificates in practical information security in offensive and defensive areas
  

  Skills Tags: Splunk, SIEM, Linux, Falco, Osquery, Auditd, Docker, Kubernetes, Helm, AWS, GCP, Python, Golang, Windows, Sysmon, Elastic, Mitre Attack, MacOS, Github, Ansible, Terraform

• Relocation to company offices in Cyprus;
• Modern MacBook Pro and other equipment necessary for work;
• Unlimited opportunities for professional and career growth, regular external and internal training from our partners;
• Personal growth programs in which we set goals and move towards them together;
• Become part of an international team of professionals and just good people who together create one of the coolest success stories in the global IT industry.