SOC Engineer

Employer: US-based cybersecurity company headquartered in New York City

Location: Remotely from Poland, business trips up to 10% of working time

Rate: 45 - 55 USD per hour + VAT

Working time: 15:00- 23:00 (Polish time) 

Cooperation model: B2B

Start date: ASAP

Recruitment process: 2-3 interviews (screening and two technical interviews about 30 min)

Our Client is a US-based cybersecurity company headquartered in New York City whose mission is to support its clients in mitigating cyber threats. They are focused on three main areas: Cyber Breach Response, Cloud Security Services, and Proactive Cyber Services. Their military-grade professionals have decades of experience in cyber operations and apply their knowledge of the attacker perspective to facilitate efficient, effective, and scalable responses to cyber breaches. Their growing team combines operational and technological disciplines with instinctual methods to keep their client’s information safe.

Your role is:

-> To set up SIEM and SOAR solutions;

-> To perform testing and validation for SIEM and SOAR implementations; 

-> To create detection use cases and implement SIEM detection rules;

-> To integrate log sources with the SIEM, optimizing log ingestion and processing;

-> To produce reports tailored for both technical and non-technical staff and stakeholders;

-> To keep current with SIEM technologies and continuously seek opportunities for improvement.

Your skills and experiences:

->Min. 2 years of experience with one or more SIEM solutions (such as Azure Sentinel, Splunk, Google SecOps, QRadar, ArcSight, etc.);

-> Fundamental understanding of at least one cloud platform (such as GCP or Azure);

-> Fundamental knowledge of Windows, Linux, database, and network device monitoring and logging techniques;

-> Technical expertise in Internet security, network protocols, and related technologies, including IDS/IPS, firewalls, content filtering, network behavior analysis tools, anti-malware, and packet inspection;

-> Fundamental knowledge of host and network security hardening, as well as common security risk management concepts

-> Strong English skills (C1).

Nice to have:

+ Expertise in scripting and automation (e.g., Python, PowerShell), and developing API integrations with SIEM/SOAR;

+ Knowledgeable about attack frameworks and knowledge bases, including the MITRE ATT&CK framework, CAPEC, and others;

+ Experience utilizing AI assistance in daily security operations;

+ Experience with one or more SIRP/SOAR tools (such as Google SecOps SOAR, TheHive, Cortex, Splunk Phantom, Demisto/XSOAR, Resilient, etc.);

+ Familiarity with Splunk Search Processing Language (SPL), Splunk Common Information Model (CIM), YARA-L 2.0, Unified Data Model (UDM), and Kusto Query Language (KQL).

Our client offers:

+ A possibility to join a team of security consultants investigating computer crimes and breaches that make the headlines – and many more that don’t;

+ Great opportunity for personal development in a stable and friendly multinational company;

+ Competitive salary;

+ Remote work together with participation in global projects;

+ A possibility of growing your craft alongside like-minded professionals

If interested, please apply safely through this portal (application rules are in accordance with GDPR). Employment agency Nr 17138.