Responsibilities:

• Analyze security events from endpoints (Windows, Mac, Linux), Network IDS, Web-proxies, Mail-gateways, Active Directory infrastructure
• Detect and investigate information security incidents
• Propose Incident response actions and remediation plan.
• Identification of potential vectors of attacks, develop detection methods of these attacks by existing technological solutions
• Adjust detection logic to fit Customer needs (filter out false positives, customize correlation rules, etc)
• Communicate with Customers regarding detected incidents and suspicious activities.

Requirements

• Practical experience in the identification and investigation of information security incidents, development of recommendations to prevent similar incidents in the future
• Understanding of the methods, tools and processes to respond to information security incidents
• Experience in network traffic and log-files analysis from various sources
• Knowledge of current threats, vulnerabilities, typical of attacks on information systems and tools to implement them, as well as methods for their detection and response
• Knowledge of network protocols, the architectures of modern operating systems and information security technologies
• Experience in work with ELK stack is welcome
• Certifications (Offensive Security, GIAC) are welcome