SOC Analyst

компания "лаборатория касперского" the soc analyst is part of kl soc team engaged in continues security monitoring, incident response and cyber threat hunting. principle responsibilities analyze security events from endpoints (windows, mac, linux), network ids, web-proxies, mail-gateways, active directory infrastructure detect and investigate information security incidents propose incident response actions and remediation plan. identification of potential vectors of attacks, develop detection methods of these attacks by existing technological solutions adjust detection logic to fit customer needs (filter out false positives, customize correlation rules, etc) communicate with customers regarding detected incidents and suspicious activities. mandatory skills practical experience in the identification and investigation of information security incidents, development of recommendations to prevent similar incidents in the future understanding of the methods, tools and processes to respond to information security incidents experience in network traffic and log-files analysis from various sources knowledge of current threats, vulnerabilities, typical of attacks on information systems and tools to implement them, as well as methods for their detection and response knowledge of network protocols, the architectures of modern operating systems and information security technologies other requirements experience in work with elk stack is welcome certifications (offensive security, giac) are welcome