Senior Security Engineer
Tasks
- Monitor compliance with safety requirements.
- Increase the visibility of security events in the infrastructure to improve proactive incident response.
- Eliminate vulnerabilities in infrastructure and products, and automate the search for them.
- Analyze and correlate events from various sources to identify possible security incidents, and automate these processes.
- Cooperate with other departments and end users when incidents or non-compliance with security requirements are detected.
- Develop requirements and recommendations for improving infrastructure security.
- Suggest possible ways of operation and recommendations for their elimination.
- Explore new tools in the security market and implement them to eliminate threats.
Our expectations
- Confident knowledge of Linux / Docker / macOS.
- Experience working with SIEM/MDM/IdM type systems.
- Experience in collecting and normalizing logs from different systems for security tools and their subsequent analysis.
- Experience in implementing security policies and correlation rules.
- Understanding the security issues of large infrastructure.
- Knowledge of modern attack techniques, vectors for penetrating the infrastructure, and standard solutions.
- Understanding of Incident Response processes.
- Knowledge of attack vectors against web applications and ways to protect them (OWASP Top 10), and understanding of modern web technologies.
- Good knowledge of network technologies and protocols within Linux (TCP/IP, HTTP, TLS, HTTP Proxying, iptables/nftables).
- Ability to automate your activities using Bash/Python/Go/Ansible/Terraform.
- Understanding and ability to apply Infrastructure as Code approaches.
- Knowledge of English at B1 level or higher.
- At least 5 years of experience in the field of security.
Will be a plus
- Experience in the field of AppSec / DevSecOps.
- Experience in conducting pentests / bug hunting.
- Experience in implementing security controls using the Zero Trust approach.
- Experience in passing SOC 2 and PCI DSS type security compliance.
- Experience working with Service Mesh solutions.
- Experience working with WAF/IDS/IPS type systems.
- Experience in embedding tools for static and dynamic vulnerability analysis of applications in development processes.
- Experience in web application development or experience in the role of AppSec.
- Knowledge of Prometheus, Grafana Loki.
Additionally
- Willingness to discuss relocation to Georgia.
- The ability to work from anywhere in the world.
- Flexible time-off and holiday policy.