Vacancy from a Telegram channel (channel name available after signing in)
Hirify AI assessment: Good, but heavy
A prestigious role at a top cybersecurity product company, but the scope of work is huge: several distinct specializations have been merged into a single vacancy.
Tags: Overloaded role; Salary not specified; Trending domain; Modern stack; Transparent requirements
Job description
Information Security Engineer
Location: Remote. Experience: 3–6 years. Salary: ₽, discussed at the interview. Company: GROUP-IB.
Responsibilities:
• WAF / API Security Engineering:
  ➡ Deploy, configure, and operate WAF and API protection (policies, rules, profiles, exclusions).
  ➡ Tune detections to reduce false positives and false negatives; manage safe change execution (testing, approval, rollback).
  ➡ Monitor effectiveness through metrics and reporting: top attack vectors, blocking efficiency, application/API coverage.
• Attack Surface Management (ASM):
  ➡ Maintain external attack surface discovery (domains, IPs, cloud assets, shadow IT).
  ➡ Validate findings, prioritize risks, and track remediation (exposed services, admin panels, TLS/DNS issues, data leaks).
  ➡ Ensure continuous monitoring of new exposures and provide risk reporting.
• SIEM Engineering (Architecture, Logging, Normalization):
  ➡ Define logging standards: required data sources, fields, formats, and retention.
  ➡ Integrate data sources (endpoint, network, cloud, application) and develop/maintain parsers and normalization rules.
  ➡ Troubleshoot ingestion and data quality issues (log loss, delays, incorrect fields, enrichment, correlation mapping).
• XDR / EDR Engineering:
  ➡ Configure and maintain XDR/EDR policies (prevention, detection, exclusions, response actions, isolation).
  ➡ Design scalable asset grouping and tagging (criticality, owner, environment, business unit).
  ➡ Support customers and internal teams with onboarding, policy baselines, tuning, and operational alignment (notifications, escalations).
• Vulnerability Management:
  ➡ Manage the full vulnerability lifecycle: scan coverage, triage, prioritization, SLA tracking, remediation validation, re-testing.
  ➡ Integrate vulnerability data with asset inventory and ITSM systems.
  ➡ Improve scan quality (credentialed scanning, scope hygiene, risk-based prioritization).
  ➡ Deliver reporting for system owners and management.
• Automation & Integrations:
  ➡ Automate routine operations (ingestion monitoring, parser QA, enrichment, reporting, ticketing workflows).
  ➡ Build integrations via APIs/webhooks across SIEM, XDR, ASM, VM, ITSM, CMDB platforms.
  ➡ Develop and maintain operational runbooks and change guardrails (testing, approval flows, rollback scenarios).
• Incident Support & Documentation:
  ➡ Collaborate with SOC/IR and IT/DevOps during incidents (rapid policy tuning, blocking actions, artifact collection).
  ➡ Maintain technical documentation: baseline configurations, integration diagrams, logging standards, operational procedures.
  ➡ Provide security posture improvement recommendations to internal teams and customers.
Requirements:
• 2+ years of experience as an Information Security Engineer, Security Operations Engineer, SOC Engineer, or security platform administrator.
• Strong knowledge of Web/App & API Security (OWASP Top 10, WAF principles, API protection basics).
• Hands-on SIEM engineering experience (data integration, parsing/normalization, ingestion troubleshooting).
• Experience with XDR/EDR platforms (policy configuration, exclusions, response actions, group/tag management).
• Vulnerability management lifecycle experience (scanning, prioritization, remediation tracking, re-testing).
• Strong networking knowledge (TCP/IP, HTTP(S), DNS, TLS, proxy, VPN).
• Linux and Windows administration basics.
• Automation skills: Python and/or PowerShell, REST APIs, JSON. CI/CD or workflow automation is a plus.
• Engineering mindset: building scalable and repeatable solutions rather than one-off fixes.
• Strong analytical thinking and risk-based prioritization.
• Clear communication with both technical teams and business stakeholders.
• Ownership and ability to make decisions under pressure (incidents, production changes).
• English proficiency: B2+.
#Remote #InfoSec