Senior SOC Engineer

inDrive

Poland

Posted on Mar 19, 2026
The SOC (Security Operations Center) team is responsible for monitoring and responding to security incidents across the company’s infrastructure. The team analyzes alerts, investigates suspicious activity, and maintains detection rules, response runbooks, and SIEM tools (including Splunk). They also improve detection capabilities, conduct threat hunting, and collaborate with engineering teams to strengthen security monitoring across Linux systems, cloud environments, and microservices.
Department: Information Security Department
Employment Type: Full Time
Location: Kazakhstan
Address: Almaty, Almaty Special District
Workplace type: Hybrid

Key Responsibilities

  • Act as the L3 escalation point for complex security incidents and lead advanced investigations.
  • Design and mature SOC processes and operational metrics, and contribute to the overall SOC architecture and detection strategy.
  • Design, implement, and improve SIEM detection rules and response playbooks using a Detection as Code (DaC) approach.
  • Translate MITRE ATT&CK tactics into practical detection logic across Linux, Cloud (AWS/GCP), and microservices environments.
  • Drive hypothesis-based threat hunting activities to identify sophisticated, hidden attacker behavior.
  • Collaborate with cross-functional and platform teams to streamline SOC workflows, improve alert enrichment, and enhance security visibility.

Skills, Knowledge and Expertise

  • 5–7+ years of experience working in Security Operations Center environments, with strong hands-on experience at the SOC L3 level.
  • Proven track record of building and improving SOC processes, metrics, and overall detection architecture.
  • Expert-level knowledge of SIEM platforms (Splunk, Elastic, etc.), including complex correlation queries, data parsing, and normalization.
  • Deep, confident knowledge of Linux systems, including host-level telemetry, container runtimes, and Kubernetes security telemetry (e.g., eBPF-based monitoring).
  • Practical experience with Detection as Code methodologies and version control systems (Git).
  • Deep understanding of attacker TTPs (MITRE ATT&CK) and the full incident response lifecycle.
  • Strong knowledge of Cloud security monitoring (AWS and/or GCP).

Nice to have

  • Experience with CI/CD pipelines (GitHub Actions) for security content deployment.
  • Experience building or maturing Threat Intelligence and Threat Hunting processes, including hypothesis-driven investigations.
  • Relevant security certifications (SANS, Offensive Security, Linux Foundation).

Conditions & Benefits

  • Stable salary, official employment.
  • Health insurance.
  • Hybrid work mode and flexible schedule.
  • Relocation package offered for candidates from other regions.
  • Access to professional counseling services including psychological, financial, and legal support.
  • Discount club membership.
  • Diverse internal training programs.
  • Partially or fully paid additional training courses.
  • All necessary work equipment.

About inDrive

inDrive is a global tech company on a mission to challenge injustice. We started in 2012 in the coldest city on Earth, when a group of friends created a way for people to agree on fair ride prices. That idea grew into one of the world’s top ride-hailing apps, now with 360M installs across 48 countries.
Today, we offer more than rides: from freight and delivery to intercity travel and financial services, all designed to put people first. Our goal is to positively impact 1 billion lives by 2030. Through inVision, our non-profit arm, we support education, entrepreneurship, and equality in underserved communities.

Ready to ignite your inner drive?

Our Hiring Process

Stage 1: Applied

Stage 2: Interview with Talent Acquisition

Stage 3: Technical Interview

Stage 4: Hiring Manager Interview
