Job Details
Information Security Analyst (SIEM)
Information Security Analyst (SIEM) at LANIT. Remote work. Salary discussed at interview. Responsibilities include event analytics, developing correlation mechanisms, and maintaining SIEM resources.
Responsibilities:
• Conducting event analytics: assessing how completely security events from end devices are captured and registered;
• Developing correlation mechanisms: describing signatures of potential incidents and building auxiliary tools on the SIEM platform;
• Testing and debugging the prepared mechanisms to ensure they run without failures;
• Keeping the SIEM resource library up to date.
Requirements:
• Experience developing SIEM content: writing correlation rules, normalizers, and incident detection scripts based on information security events;
• Hands-on work with SIEM solutions: understanding their internal architecture and event processing, plus configuration and operations experience (specific vendors are not critical; what matters is understanding the principles);
• Deep knowledge of modern cyber threats, attack vectors, tactics, and techniques (MITRE ATT&CK), and the ability to apply this knowledge to build detection logic;
• Understanding of network protocols, operating system architectures (Windows, Linux), and basic information security tools (firewalls, IDS/IPS, antivirus, DLP);
• Experience with auditing and logging mechanisms on various infrastructure nodes;
• Ability to analyze indicators of compromise and use them for event enrichment;
• General information security experience, including an understanding of SOC processes and the incident lifecycle.