Incident Response Analyst – Middle

Overview:

SOFTSWISS is hiring an Incident Response Analyst to join our Security Operations team. We are looking for a hands-on specialist who will be responsible for detecting, investigating, and responding to security incidents, while continuously improving SOC processes and automation to ensure fast and effective threat mitigation.

Purpose of the role:

In this role, you will be responsible for monitoring and responding to cybersecurity incidents, conducting in-depth investigations, and implementing remediation measures to prevent future threats. You will work closely with internal systems and processes to balance security and performance, while contributing to the development and automation of SOC workflows to improve overall incident response efficiency.

Key responsibilities:

• Upgrade SOC processes & response automation;

• Respond to cybersecurity incidents;

• Immerse yourself in the specifics of systems and processes to achieve a balance of security and performance.

• Investigate security incidents and instigate remedial measures to address breaches.

• The position operates on a 2-on-2-off shift pattern, encompassing a 12-hour day shift, a 12-hour night shift the next day, and 2 free days after that.

Our stack:

• Splunk;

• Clickhouse;

• Gitlab;

• Python;

• ELK;

• Wazuh.

Required Experience:

• Practice with SIEM, EDR, IDS/IPS, IRP/SOAR events analysis.

• Familiarity with SecOps processes, i.e., monitoring, triaging, investigating, and threat intelligence.

• More than one year of experience as an information security engineer/analyst.

• Strong investigative and analytical problem-solving skills.

• Intermediate or higher English level.

Nice to have:

• Experience with Clickhouse, Splunk, Kafka, ELK, Graylog, etc.

• Strong Linux system administration experience.

• Expertise in network, host, and cloud-based analysis and investigation.

• Experience with AWS, Azure, GCP, k8s, Docker infrastructure, and familiarity with attacks on them.

• A strong understanding of the attack pipelines (MITRE ATT&CK Framework, Cyber Kill-Chain). -Familiarity with CI/CD, software development lifecycle, and Infrastructure-as-Code (Terraform/Ansible/etc).

• Proficiency in automation (Bash/PowerShell, Python).

• Experience with log collection, delivery, and normalization.

• Strong knowledge in open source solutions of endpoint & infrastructure security, such as Audit.d, sysmon, apparmor, selinux, etc. -Fundamental static and dynamic malware analysis.

• Offensive experience (penetration testing, red teaming).

Our Benefits:

• Full-time work opportunities

• Private insurance

• An additional Day Off (1) per calendar year

• Sports program compensation

• Comprehensive Mental Health Programme

• Free online English lessons with native speakers

• Generous referral program

• Training, internal workshops, and participation in international professional conferences and corporate events