Security Operations Engineer
Requirements:
Perform various security-related tasks according to standard operating procedures
Participate in interconnecting the SIEM tool with sources of security incidents, e.g. logs from servers and applications, IDS/IPS, network and security devices, Vulnerability Management system, Antivirus system, etc.
Build new use cases and enhance existing ones, create alerts and monitoring dashboards, build reporting and the SOC's KPIs.
Develop and fine-tune security processes and procedures
Actively detect and identify security weaknesses and determine the required remediation plan
Work on improvements and/or automation of existing tooling (look into evaluation and selection of new tools and supporting assets)
Perform security incident analysis and recommend remediation steps
Participate in automating incident prioritization and false-positive identification
Act as a first-line contact point for various security consultations
Qualifications:
At least 3 years of professional experience with IT and Network Security products and services, at least one year of professional experience with SIEM platforms and with security analytics
Experience with Security Information and Event Management (SIEM) tools like Splunk, ArcSight, QRadar, etc.
Knowledge and experience with administration and hardening of Unix/Linux and Microsoft operating systems
Knowledge of IT and Network Security principles, techniques and technologies
Practical knowledge of security systems on the market (e.g. Firewall, DMZ, SSL/IPSec VPN, Proxy, Remote Access, PKI ...)
Expert knowledge of Networking protocols and technologies, e.g. TCP/IP, Firewalls, NGFW, Routers, etc.
Application security and general information security knowledge (e.g. XSS, buffer overflow, URL tampering, SQL Injection, DDoS, Botnets, ...)
Basic programming and/or scripting skills (automation)
Proficiency in written and spoken English
Contacts:
Contact person: Валерий Бойко
Contact phone: 044 593 7809