Responsibilities: Manage the full lifecycle of security incidents
Improve incident management processes
Investigate alerts generated by various security tools and monitor events from critical infrastructure components
Automate the processes of alert investigation, processing, remediation, containment, recovery, and incident management
Coordinate remediation activities and recovery operations during security incidents
Optimize and improve SIEM alert logic, automation rules, playbooks, and processes
Coordinate threat hunting procedures and implement/maintain threat intelligence processes
Implement purple team activities from scratch
Coordinate Layer 1 analysts
Prepare consolidated reports for the SOC manager/team lead
Maintain SOC documentation
Handle other InfoSec tasks

Requirements: Practical experience managing and supporting the IT infrastructure of medium and large organizations, including the management and implementation of network security and endpoint protection products
Solid understanding of infrastructure management solutions
Hands-on experience with cloud environments (MS Azure)
Basic hands-on experience with cloud environments (AWS and GCP)
Hands-on experience or a strong understanding of modern routing and switching networking concepts, with a solid understanding of the OSI model and underlying protocols (DNS, DHCP, SSL, HTTPS, FTP, email protocols, etc.)
Practical experience with the following security solutions stack: IPS/IDS, EDR/XDR/HIDS, WAF, proxy, firewalls, SIEM, SOAR
Proven experience with modern SIEM systems (managing data sources, onboarding and parsing raw logs, creating alert rules, maintaining solutions, troubleshooting systems, etc.)
Understanding of penetration testing, vulnerability management, malware analysis, and reverse engineering techniques
Good communication skills
Fast learner
Strong desire to develop in the field of information security
Stress-resistant and creative

SOC Analyst

Apply for this position