01.10.2022 01:55
Middle/Senior SOC analysts to Cyprus
Company "Quadcode"

We are Quadcode, a company that develops a SaaS trading platform for clients all around the world. We are now looking for a Middle/Senior SOC Analyst for our Security Operations Centre.

The team's key responsibilities include, but are not limited to: data aggregation, normalisation and monitoring of security events, and timely response to security threats.

First 3 tasks of the role:
- SOC code base improvement (detection and response).
- Development and testing of the response playbooks.
- Detection rules development.

Main challenge you will face: improving the events monitoring and incident management process.

Additionally:
- events correlation rules development;
- incident response playbooks development and their automation;
- security events analysis and monitoring;
- participating in and/or leading the incident response process;
- search, analysis and coordination of vulnerability elimination;
- operational checks of detection rules via attack emulation;
- security tools research and development;
- conducting periodic security incident response exercises;
- connecting new log sources and processes to SIEM and SOC tools;
- defining requirements for the secure configuration of operating systems, networks and services, from the perspective of information security incident handling.
Skills and knowledge we expect:
- 3+ years of relevant experience as a SOC analyst;
- experience with vulnerability triage;
- L2 analyst research experience, including cases where remote specialists were engaged;
- experience collecting indicators of compromise from various systems;
- experience with operational checks of correlation searches via attack emulation;
- deep understanding of the IT security domain;
- deep understanding of the incident response process;
- basic understanding of attacker methods, tactics and procedures at different stages of an attack;
- knowledge of identification and evaluation of indicators of compromise associated with malware/attacker toolsets;
- basic experience with network IDS management and rule writing/tuning;
- knowledge of and experience working with MITRE ATT&CK;
- knowledge of the underlying defence mechanisms of modern operating systems;
- SQL knowledge and relevant experience with relational databases;
- knowledge of common network, infrastructure and web application attacks.

Nice to have:
- working experience in the fintech industry;
- deep understanding of modern IT technology;
- experience with SIEM system maintenance;
- experience writing regular expressions;
- experience dealing with vulnerabilities in software and applications;
- experience with vulnerability scanners (Nmap, Nessus);
- experience working with EDR;
- experience with network traffic analysis.
Address
Saint Petersburg