Information Security engineer

Описание вакансии

**Information Security engineer.

Локация:** Удаленная работа.

Опыт: 3–6 лет

Зарплата: ₽. Обсуждается на собеседовании.

Компания: GROUP-IB.

**Обязанности:

• WAF / API Security Engineering:**

➡Deploy, configure, and operate WAF and API protection (policies, rules, profiles, exclusions).

➡Tune detections to reduce false positives and false negatives; manage safe change execution (testing, approval, rollback).

➡Monitor effectiveness through metrics and reporting: top attack vectors, blocking efficiency, application/API coverage.

• Attack Surface Management (ASM):

➡Maintain external attack surface discovery (domains, IPs, cloud assets, shadow IT).

➡Validate findings, prioritize risks, and track remediation (exposed services, admin panels, TLS/DNS issues, data leaks).

➡Ensure continuous monitoring of new exposures and provide risk reporting.

• SIEM Engineering (Architecture, Logging, Normalization):

➡Define logging standards: required data sources, fields, formats, and retention.

➡Integrate data sources (endpoint, network, cloud, application) and develop/maintain parsers and normalization rules.

➡Troubleshoot ingestion and data quality issues (log loss, delays, incorrect fields, enrichment, correlation mapping).

• XDR / EDR Engineering:

➡Configure and maintain XDR/EDR policies (prevention, detection, exclusions, response actions, isolation).

➡Design scalable asset grouping and tagging (criticality, owner, environment, business unit).

➡Support customers and internal teams with onboarding, policy baselines, tuning, and operational alignment (notifications, escalations).

• Vulnerability Management:

➡Manage the full vulnerability lifecycle: scan coverage, triage, prioritization, SLA tracking, remediation validation, re-testing.

➡Integrate vulnerability data with asset inventory and ITSM systems.

➡Improve scan quality (credentialed scanning, scope hygiene, risk-based prioritization).

➡Deliver reporting for system owners and management.

• Automation & Integrations:

➡Automate routine operations (ingestion monitoring, parser QA, enrichment, reporting, ticketing workflows).

➡Build integrations via APIs/webhooks across SIEM, XDR, ASM, VM, ITSM, CMDB platforms.

➡Develop and maintain operational runbooks and change guardrails (testing, approval flows, rollback scenarios).

• Incident Support & Documentation:

➡Collaborate with SOC/IR and IT/DevOps during incidents (rapid policy tuning, blocking actions, artifact collection).

➡Maintain technical documentation: baseline configurations, integration diagrams, logging standards, operational procedures.

➡Provide security posture improvement recommendations to internal teams and customers.

Требования:• 2+ years of experience as an Information Security Engineer, Security Operations Engineer, SOC Engineer, or security platform administrator.

• Strong knowledge of Web/App & API Security (OWASP Top 10, WAF principles, API protection basics).

• Hands-on SIEM engineering experience (data integration, parsing/normalization, ingestion troubleshooting).

• Experience with XDR/EDR platforms (policy configuration, exclusions, response actions, group/tag management).

• Vulnerability management lifecycle experience (scanning, prioritization, remediation tracking, re-testing).

• Strong networking knowledge (TCP/IP, HTTP(S), DNS, TLS, proxy, VPN).

• Linux and Windows administration basics.

• Automation skills: Python and/or PowerShell, REST APIs, JSON. CI/CD or workflow automation is a plus.

• Engineering mindset: building scalable and repeatable solutions rather than one-off fixes.

• Strong analytical thinking and risk-based prioritization.

• Clear communication with both technical teams and business stakeholders.

• Ownership and ability to make decisions under pressure (incidents, production changes).

• English proficiency: B2+.

✈ Откликнуться

#Удаленка #ИБ