Security Operations Engineer (ID:9553) (вакансія неактивна)

• University degree in Information Technology, ideally IT Security related
• At least 3 year of professional experience with IT and Network Security products and services.
• Passion for IT security tools, products and services, Network and Server Administration technologies
• Knowledge and experience with administration and hardening of Unix/Linux and Microsoft operating systems
• Knowledge of IT and Information Security principles, techniques and technologies
• Practical knowledge of security systems on the market (eg. Firewall, DMZ, SSL/IPSec VPN, Proxy, Remote Access, PKI, etc.)
• Sound knowledge of Networking protocols and technologies, e.g. TCP/IP, Firewalls, NGFW, Routers, etc.
• Application security and general information security knowledge (eg. XSS, buffer overflow, URL tampering, SQL Injection, DDoS, Botnets, etc.)
• Proficiency in written and spoken English
• Strong analytical and problem-solving skills
• Ability to manage multiple tasks and resources
• Good presentation and communication skills
• You are structured and keen to identify and implement improvements
• You have basic programming and/or scripting skills (automation)
• Flexible and open for fast changes, always willing to learn and improve

• Programming and scripting skills (Python, Bash, Powershell, Perl)
• Experience with collaboration tools / ticketing systems (RT, Jira)
• Familiarity with telco technologies / protocols
• Experience with Endpoint Detection and Response Solutions
• Experience with Vulnerability scanners like Nessus, MVM, Qualys, etc.
• Experience with IDS/IPS solutions (Security Onion, Snort, Cisco IPS, NGIPS)
• IT Security Certifications like CISSP, CISM, CISA, CEH, GCIH, GCIA, OSCP, etc
• Experience with SIEM and/or SOAR solutions

You will have the opportunity to extend your knowledge, explore, learn and grow in:
• Security Information and Event Management (SIEM) environment.
• Participate in the integration of the SIEM tool with sources of security incidents — e.g. logs from servers and applications, IDS/IPS, network and security devices.
• Setting up and operating Vulnerability Management system, Antivirus system, etc.
• Performing Compliance management
• Build new use cases and enhance already existing ones, create alerts and monitoring dashboards, build reporting and SOC’s KPI.
• Threat hunting activities using all available tools (SIEM, IDS, EDR etc)
• Actively detect and identify security weaknesses and determine the required remediation plan
• Work on improvements and or automation of existing tooling. You will look into evaluation and selection of new tools and supporting assets
• Perform security incident analysis and recommend remediation steps
• Participate in the automation of the prioritization of incidents and the identification of false positives
• Grow professionally, improve your hard and soft skills with further career opportunities.

• Manage security Incidents & Vulnerabilities using our SOC ticketing system.
o Ensure an adequate problem description for each reported issue.
o Determine correct severity as well as identify and appoint severity of the event.
o Throughout the lifecycle of the problem ticket, being responsible for the accurateness of each ticket.
o Actively follow-up and actively poll for status updates and progress until remediation / ticket closure.
• Ensure notable security events are drafted in an agreed report template which is provided monthly to Senior Management.
• Log and follow-up policy / risk exception and exemptions through their lifecycle.
• Security certificates are being managed, you track expire and ensure timely renewal
• Logging and tracking of temporary access or privileges
• Maintaining a PenTesting calendar and initiation, coordination of the pentest activities. You maintain a record of consumed/available Pentesting mandays (& costs). As well as ensure PenTest reports are centralized and securely stored.
• Initiate, follow-up and register evidence of Quarterly User Access reviews
• You will also be actively involved in the vulnerability scanning process, analysis and following-up with remediation actions
• You initiate and coordinate Risk Assessment following the BICS Risk Mgt Framework
• You will be in charge of setting up and Producing a quarterly Risk Management dashboard Report
• You explore our big data, analyse trends, identify and maintain meaningful KPI’s and dashboards
• You scan for compliance against our policies and standards, log deviations and strive for remediation
• You develop and fine-tune existing security processes and procedures
• You apply automation where required and/or meaningful
• Act as a first-line contact point for various security consultations

Infopulse is currently looking for an Operations Engineer to strengthen our Security Operations Centre (SOC) in Kyiv, which reports into the BICS Security department headquartered in Brussels.