VR-121727
Project Description:
Join our Development Centre in Bucharest and become a member of our open-minded, progressive and professional team. In this role you will be working for one of our world-famous clients.
The Chief Security Office (CSO) of our client comprises the Chief Information Security Office (CISO) and the Corporate Security unit. The CISO organization guarantees information security for our client.
The current initiatives are centered on enhancing cybersecurity capabilities across several critical domains: Threat Intelligence, Advanced Persistent Threats (APTs), Red Team Operations, Forensics and Malware Analysis.
These projects are designed to strengthen the organization's defense systems and enhance response strategies against complex cyber threats.
We are looking for candidates with strong engineering experience in the areas mentioned above to assist in evaluating and selecting the most effective tools. The roles include implementing the chosen solutions, migrations to different platforms and integrating them with already existing systems to ensure a smooth transition and improved security posture.
On top of an attractive salary and benefits package, Luxoft will invest in your professional training and allow you to grow your professional career.
Responsibilities:
We are looking for a Security Engineer to join the Engineering organization, focused on Threat Simulation and Threat Intelligence capabilities to enable continuous, automated adversary emulation and high-fidelity detection.
You will manage onboarding, migration and integration of tools, conduct POCs to choose the best solutions, collaborate with vendors and stakeholders and enable Purple/RedTeam testing by delivering engineered platform configurations and data feeds.
Key responsibilities:
• Implement and maintain TI and adversarial-simulation tools
• Deploy use-case specific configurations (detection scenarios, simulation playbooks, collectors, etc.) end-to-end
• Execute tool migrations under guidance
• Support technical POCs: prepare test environments, run defined experiments, collect and validate telemetry and produce technical findings
• Collaborate with vendors, security architects, engineering and other stakeholders to deliver integrations and resolve operational issues
• Support purple/red teams in deploying infrastructure and simulation content and ensuring telemetry capture for validation
• Integrate and normalize new TI feeds into the detection pipeline
• Produce and maintain runbooks, onboarding guides, architecture diagrams and other required checklists
Mandatory Skills Description:
• 5+ years in security engineering, threat intelligence operations or adversary simulation support
• Must have cloud knowledge of GCP and Azure (deploying landing zones in both cloud providers via IaC (GitHub with Terraform), knowledge of the IAM principles used and the Compute features available)
• Must have experience with GitHub version control, managing pipelines, automating, customizing and executing workflows directly within their repositories.
• Must have experience with Terraform to define, provision, and manage infrastructure across multiple cloud providers like Azure and Google Cloud, as well as on-premises environments if needed.
• Strong Linux administration skills (system hardening, service management, troubleshooting, network tuning, secure baseline implementation, service orchestration)
• Practical Cloud management knowhow with CI/CD pipeline design and implementation experience
• Hands-on experience integrating security tools with SIEM/data lake and building/hunting pipeline components
• Experience supporting other teams' testing or translating offensive activities into detection content
Nice-to-Have Skills Description:
• Good to have experience with breach attack simulation tools and concepts, designing, deploying, managing and troubleshooting complex scenarios of such sort
• Good to have experience with attack path management concepts, tools and graph schema used by APM logic and so forth
• Good to have relevant technical API skills such as: RESTful APIs, SOAP APIs, JSON and XML, API documentation tools (e.g., Swagger, Postman), security protocols (OAuth, JWT)
• Good to have experience in Python as well as Docker and Kubernetes containerization
• Familiarity with one or more tools from: Microsoft EASM/Anomali, Tanium, B!nalyze, GTI suite, Joe Sandbox or other similar tools
• Experience with malware sandboxing, dynamic analysis and threat feed integration
• Experience with adversary emulation frameworks (ATT&CK, Caldera, Atomic Red Team)
- Posted: Mar 31, 2026
- Type: Full-time
- Level: Mid-Senior
- Location: Bucharest Metropolitan Area
- Company: Luxoft