SOC Officer

Closing date: 11-Mar-2026

Description

RESPONSIBILITIES:

  • Continuous monitoring of security telemetry (SIEM/XDR/NTA/Deception) 24/7.
  • Initial triage and prioritization of alerts.
  • Incident response: isolation, blocking, resets.
  • Incident logging in SOAR/ITSM; notifying service owners.
  • Escalation to L2/L3 with a complete set of artifacts and context.
  • Phishing triage; safe inspection of emails, links, and attachments.
  • Alert enrichment with threat-intelligence data; validation of IoCs/IoAs.
  • Monitoring the health and availability of agents/sensors and telemetry channels.
  • Maintaining shift logs and handovers; adhering to SLAs and MTTA.
  • Participation in correlation/playbook improvements and SOC exercises.

REQUIREMENTS:

  • Education: Higher, technical (Information Security).
  • Previous work experience in the field: up to 1 year.
  • Basic knowledge of networks and protocols: TCP/IP, DNS, DHCP, HTTP(S), VPN, proxy.
  • OS and infrastructure: Windows/Linux (basic administration).
  • Entry-level skills with SIEM (Splunk/QRadar/Elastic, etc.) and EDR/antivirus solutions.
  • Ability to construct simple search/correlation queries (KQL, SPL, or SQL preferred).
  • Basic understanding of MITRE ATT&CK, the attack lifecycle, IoC/IoA, and phishing techniques.
  • Willingness to work day/night shifts, attention to detail, discipline, and stress resilience.
  • Languages: Kazakh and Russian — fluent; English — B1–B2 (reading technical documentation/correspondence).

LOCATION
Almaty, Kazakhstan

Shift
