Senior Security Engineer

Tasks

  • Monitor compliance with safety requirements.
  • Increase the visibility of security events in the infrastructure to improve proactive incident response.
  • Eliminate vulnerabilities in infrastructure and products and automate their search.
  • Analyze and correlate the event to identify possible security incidents based on information from various sources and automation of these processes.
  • Cooperate with other departments and end-users, in cases of detection of incidents or non-compliance with security requirements.
  • Develop the requirements and recommendations for improving infrastructure security.
  • Suggest possible ways of operation and recommendations for their elimination.
  • Explore new tools in the security market and implement them to eliminate threats.

Our expectations

  • Confident knowledge of Linux / Docker / macOS.
  • Experience working with SIEM/MDM/IdM type systems.
  • Experience in collecting and normalizing logs from different systems for security tools and their subsequent analysis.
  • Experience in implementing security policies and correlation rules.
  • Understanding the security issues of large infrastructure.
  • Knowledge of modern attacking techniques, attack vectors of penetration into the infrastructure, and knowledge of standard solutions.
  • Understanding of Incident Response processes.
  • Knowledge of attack vectors and ways to protect WEB applications (OWASP TOP-10), understanding of modern WEB technologies.
  • Good knowledge of network technologies and protocols within Linux (TCP/IP, HTTP, TLS, HTTP Proxying, iptables/nftables).
  • Ability to automate your activities using Bash/Python/Go/Ansible/Terraform.
  • Understanding and ability to apply Infrastructure as Code approaches.
  • Knowledge of English at B1 level or higher.
  • At least 5 years of experience in the field of security.

Will be a plus

  • Experience in the field of AppSec / DevSecOps.
  • Experience in conducting pentests / bug hunting.
  • Experience in implementing security controls using the Zero Trust approach.
  • Experience in passing SOC2 and PCIDSS type security compliance.
  • Experience working with Service Mesh solutions.
  • Experience working with WAF/IDS/IPS type systems.
  • Experience in embedding tools for static and dynamic vulnerability analysis of applications in development processes.
  • Experience in web application development or experience in the role of AppSec.
  • Knowledge of Prometheus, Grafana Loki.

Additionally

  • Willingness to discuss relocation to Georgia.
  • The ability to work from anywhere in the world.
  • Flexible time-off and holiday policy.