Work Expectations:

• Identifying and analyzing information security incidents using SIEM and other incident monitoring tools;
• Forming proposals for SIEM rule logic;
• Preparing reporting extracts on the state of information security;
• Full-cycle incident management in the IRP system (registration, processing, transfer, completion of incidents, and false positive handling);
• Receiving appeals regarding suspected information security incidents;
• Checking software in isolated environments for malicious content using automated CCI;
• Responding to information security incidents;

Technical Knowledge and Skills:

• Understanding of the basic principles of various information protection tools and the incident investigation process;
• Understanding of domain infrastructure organization based on OS WINDOWS;
• Basic knowledge of network technologies (TCP/IP stack, OSI model, DNS, DHCP, NAT, types of network services);
• Ability to analyze logs from CCI, OS, DBMS, and network equipment;
• Desire to acquire new knowledge in information security;

Desirable Technical Knowledge and Skills:

• Basics of WINDOWS and LINUX administration;
• Basic knowledge of writing bash, Powershell scripts, or programming skills;
• Practical experience with NGFW, WAF, NTA, SIEM, and ticketing systems;
• Experience using Wireshark;
• Experience working with Kali Linux;
• Understanding of attacker tactics and techniques, methods of detection, and threat countermeasures;

*a workplace is planned to be created and filled (a promising vacancy)