SOC Analyst (Layer 1)

Job Details

If you received this vacancy from our recruiters, read our Privacy Notice.

Position Overview

You'll take an active part in managing security alerts and incidents, threat hunting, threat intelligence, and purple team activities, as well as optimizing the SIEM service, visibility coverage, and other active threat-protection controls. In addition, you'll be actively engaged in implementing new and improving existing security controls to detect, prevent, and deter cyberattacks. And you'll have an opportunity to work with modern information security technologies, lead incident management processes, and work in a team of qualified InfoSec professionals.

Working schedule in UTC-3:
Saturday: 2 PM - 2 AM
Sunday: 2 PM - 2 AM
Monday and Tuesday: Off
Wednesday: 12 PM - 6 PM
Thursday and Friday: 11 PM - 4 AM

Responsibilities

- Manage the full lifecycle of security incidents
- Improve incident management processes
- Investigate alerts generated by various security tools and monitor events from critical infrastructure components
- Automate the processes of alert investigation, processing, remediation, containment, recovery, and incident management
- Coordinate remediation activities and recovery operations during security incidents
- Optimize and improve SIEM alert logic, automation rules, playbooks, and processes
- Coordinate threat hunting procedures and implement/maintain threat intelligence processes
- Implement purple team activities from scratch
- Coordinate Layer 1 analysts
- Prepare consolidated reports for the SOC manager/team lead
- Maintain SOC documentation
- Handle other InfoSec tasks

Requirements

- Practical experience managing and supporting the IT infrastructure of medium and large organizations, including the management and implementation of network security and endpoint protection products
- Solid understanding of infrastructure management solutions
- Hands-on experience with cloud environments (MS Azure)
- Basic hands-on experience with cloud environments (AWS and GCP)
- Hands-on experience or a strong understanding of modern routing and switching networking concepts, with a solid understanding of the OSI model and underlying protocols (DNS, DHCP, SSL, HTTPS, FTP, email protocols, etc.)
- Practical experience with the following security solutions stack: IPS/IDS, EDR/XDR/HIDS, WAF, proxy, firewalls, SIEM, SOAR
- Proven experience with modern SIEM systems (managing data sources, onboarding and parsing raw logs, creating alert rules, maintaining solutions, troubleshooting systems, etc.)
- Understanding of penetration testing, vulnerability management, malware analysis, and reverse engineering techniques
- Fast learner
- Strong desire to develop in the field of information security
- Stress-resistant and creative

Nice to Have

- Experience in a SOC or similar 24x7 operations center environment
- Hands-on experience with the ELK stack and MS Sentinel is a huge plus


Nominal Salary: To be agreed

Source: Whatjobs_Ppc
