Senior SOC Engineer

inDriver

  • Almaty
  • Permanent position
  • Full-time
  • 15 days ago
We are looking for an experienced Senior SOC Engineer.

inDrive is an international technology platform for transport and personal services. We are one of the top 2 mobile ride-booking services in the world, with over 150 million installs, over 2 billion trips, and 600+ cities in 45+ countries. inDrive is a product used by tens of millions of people every month: they take urban or intercity trips, order cargo transportation or courier delivery, look for work, and call handymen for household services.

Responsibilities:
  • Develop, review and improve correlation rules for SIEM to detect malicious activity in different parts of infrastructure
  • Review and update response playbooks for SIEM alerts and information security incidents
  • Develop new microservices to automate SOC tasks and duties and improve existing ones in terms of stability, efficiency and scalability
  • Analyze the current SOC activities, generate the automation proposals, develop the architecture of future solutions
  • Research the new technologies and their applicability in SOC, lead the implementation of such technologies
  • Respond to SIEM alerts and participate in security incidents investigations together with other members of the SOC team
Requirements (who we are looking for):
  • Experience working with at least one of the popular SIEM solutions (Splunk, ArcSight ESM, QRadar, etc.) as an engineer or analyst
  • Experience in developing and optimizing SIEM correlation rules to detect malicious activity
  • Understanding of the tactics, techniques and procedures (per the MITRE ATT&CK matrix) used at different stages of an attack (initial access, lateral movement, privilege escalation, persistence, etc.)
  • Middle-level or higher proficiency in Python
  • Experience designing simple, scalable, and efficient microservices in Python or Golang
  • Ability to work with documentation (+ ability to quickly understand any library)
  • Experience with GitHub or GitLab
  • English at the level of reading technical documentation
What makes you a better fit:
  • Experience in developing detection rules for SIEM for Cloud (AWS/GCP) and Kubernetes infrastructure
  • Knowledge of and experience with asynchronous programming in Python (asyncio, aiohttp, FastAPI)
  • Ability to build modular and extensible architecture, experience in using various architectural patterns
  • Experience with GitHub Actions, GitLab CI or other CI/CD systems
  • Experience with Docker, writing Docker-compose files
  • Experience writing Helm Charts, deploying services in K8S via Helm
  • Professional certificates in practical information security, in both offensive and defensive areas

Skills tags: Splunk, SIEM, Linux, Falco, Osquery, Auditd, Docker, Kubernetes, Helm, AWS, GCP, Python, Golang, Windows, Sysmon, Elastic, MITRE ATT&CK, MacOS, GitHub, Ansible, Terraform

We offer:
  • Relocation to company offices in Cyprus or Kazakhstan;
  • Modern MacBook Pro and other equipment necessary for work;
  • Unlimited opportunities for professional and career growth, regular external and internal training from our partners;
  • Personal growth programs in which we set goals and move towards them together;
  • Become part of an international team of professionals and just good people who together create one of the coolest success stories in the global IT industry.
Company: inDrive

HeadHunter