Middle Security Engineer

Full Time
  • February 5, 2026
  • Employment Info

    Responsibilities:

    • Conducted alert triage, investigation, scoping, and remediation activities using EDR/XDR platforms, ensuring timely response to endpoint and extended detection alerts
    • Operated and maintained Data Loss Prevention (DLP) technologies, monitoring data movement and enforcing policies to prevent unauthorized data exfiltration
    • Performed triage of security alerts, distinguishing false positives from true threats, and executed appropriate escalation or resolution workflows
    • Utilized Security Information and Event Management (SIEM) platforms to write, test, and tune detection rules, integrate log sources, and manage comprehensive investigation procedures
    • Analyzed Web Application Firewall (WAF) events, created and tuned rulesets to block malicious traffic while minimizing false positives
    • Participated in end-to-end incident response, including detection, forensic analysis, containment, eradication, and recovery of cybersecurity incidents
    • Maintained and improved incident response playbooks, ensuring alignment with current threats and best practices
    • Led vulnerability management efforts by conducting scans, prioritizing findings based on risk, and coordinating with stakeholders for timely remediation
    • Reviewed and interpreted logs from diverse sources including operating systems, applications, network appliances, and cloud infrastructure to support investigations and compliance

    Requirements:

    • Strong hands-on experience with EDR/XDR platforms for alert triage, investigation, scoping, and incident remediation
    • Practical knowledge of Data Loss Prevention (DLP) technologies, including policy management, monitoring, and enforcement to prevent data leaks
    • Proven ability to triage security alerts, identify false positives, and respond appropriately to real security threats
    • Proficiency with SIEM platforms, including writing and tuning detection rules, integrating log sources, and conducting in-depth investigations
    • Experience in Web Application Firewall (WAF) management, including event analysis and rule customization to defend against web-based threats
    • In-depth understanding of incident response processes, with hands-on involvement in detection, analysis, containment, eradication, and recovery stages
    • Ability to develop and maintain incident response playbooks, aligning procedures with evolving threat landscapes and organizational needs
    • Solid background in vulnerability management, including vulnerability scanning, risk-based prioritization, and coordination of remediation actions
    • Competence in reading and analyzing logs from operating systems, applications, network devices, and cloud environments to support security investigations and ensure compliance
    • Good level of spoken and written English (B1+) and Russian

    Nice to have:

    • Experience with cloud environments
    • Knowledge of Kubernetes environment and containerized applications
    • Familiarity with the fintech domain


    #DesignFintech
    #GlobalDesigners
    #FintechInnovation
    #CreativeJobs
    #JPNDesignHub
    #TechMeetsDesign
    #DesignerNetwork
    #InnovateWithJPNFintech