Job Description

We are looking for an Incident Response Analyst to join our Security team and operate on the front line of protecting the company’s infrastructure and services.

This role is for someone who goes beyond simply reviewing alerts — you investigate incidents deeply, build detection logic, and reduce response time proactively, without waiting for attacks to become obvious.

*Our team is Russian-speaking, so we’re currently looking for candidates with Russian as a native language to ensure smooth and comfortable communication within the team

What We Expect

• 3+ years of experience in Incident Response or Security Operations
• Hands-on experience with SIEM platforms (Splunk, ELK/OpenSearch, Graylog, or similar)
• Ability to read and interpret logs: OS (Linux/Windows/macOS), network, applications, cloud
• Understanding of network protocols and traffic analysis (Wireshark, Zeek, etc.)
• Knowledge of attacker tactics and techniques (MITRE ATT&CK, kill chain, IOC/TTP)
• Ability to independently lead investigations from alert to final report
• Scripting skills for automation (Python / Bash)
• Basic understanding of integrating LLM-based tools

Nice to Have

• Experience with SOAR platforms and building playbooks
• Experience with EDR/XDR solutions (CrowdStrike, SentinelOne, etc.)
• Participation in CTFs, red team / blue team exercises, or pentesting
• Experience with cloud logs (AWS CloudTrail, GCP Audit Logs, etc.)
• Experience integrating security tools via APIs and automating response using LLM

Requirements

• Work with WAF: analyze anomalous traffic, respond to web attacks, fine-tune rules
• Work with DLP and MDM: investigate data leaks, analyze policy violations, collaborate with teams on findings
• Monitor and triage alerts in SIEM: analyze events, classify incidents, prioritize response
• Integrate new log sources into SIEM: normalization, parsing, enrichment
• Develop and improve detection rules, correlation rules, and dashboards
• Reduce MTTR: identify bottlenecks in response processes, implement automation and runbooks
• Participate in incident post-mortems and provide actionable recommendations
• Conduct security incident investigations: collect artifacts, reconstruct timelines, perform root cause analysis (RCA)

Benefits

• 25 vacation days and 5 family days yearly
• Flexible start to the workday
• Support from a professional corporate coach and psychologist
• Regular internal and external activities, workshops, trips, and corporate events
• Access to our internal knowledge base, meetups, and team-building activities
• Ongoing training in new technologies and continuous professional development support