Information Security engineer

GROUP-IB TSHK

Tashkent, Yunusabad district, Abdulla Kadiri street, 1A

Job description

TASKS TO SOLVE:

WAF / API Security Engineering

  • Deploy, configure, and operate WAF and API protection (policies, rules, profiles, exclusions).

  • Tune detections to reduce false positives and false negatives; manage safe change execution (testing, approval, rollback).

  • Monitor effectiveness through metrics and reporting: top attack vectors, blocking efficiency, application/API coverage.

Attack Surface Management (ASM)

  • Maintain external attack surface discovery (domains, IPs, cloud assets, shadow IT).

  • Validate findings, prioritize risks, and track remediation (exposed services, admin panels, TLS/DNS issues, data leaks).

  • Ensure continuous monitoring of new exposures and provide risk reporting.

SIEM Engineering (Architecture, Logging, Normalization)

  • Define logging standards: required data sources, fields, formats, and retention.

  • Integrate data sources (endpoint, network, cloud, application) and develop/maintain parsers and normalization rules.

  • Troubleshoot ingestion and data quality issues (log loss, delays, incorrect fields, enrichment, correlation mapping).

XDR / EDR Engineering

  • Configure and maintain XDR/EDR policies (prevention, detection, exclusions, response actions, isolation).

  • Design scalable asset grouping and tagging (criticality, owner, environment, business unit).

  • Support customers and internal teams with onboarding, policy baselines, tuning, and operational alignment (notifications, escalations).

Vulnerability Management

  • Manage the full vulnerability lifecycle: scan coverage, triage, prioritization, SLA tracking, remediation validation, re-testing.

  • Integrate vulnerability data with asset inventory and ITSM systems.

  • Improve scan quality (credentialed scanning, scope hygiene, risk-based prioritization).

  • Deliver reporting for system owners and management.

Automation & Integrations

  • Automate routine operations (ingestion monitoring, parser QA, enrichment, reporting, ticketing workflows).

  • Build integrations via APIs/webhooks across SIEM, XDR, ASM, VM, ITSM, CMDB platforms.

  • Develop and maintain operational runbooks and change guardrails (testing, approval flows, rollback scenarios).

Incident Support & Documentation

  • Collaborate with SOC/IR and IT/DevOps during incidents (rapid policy tuning, blocking actions, artifact collection).

  • Maintain technical documentation: baseline configurations, integration diagrams, logging standards, operational procedures.

  • Provide security posture improvement recommendations to internal teams and customers.

APPLY FOR THIS VACANCY IF YOU HAVE THE FOLLOWING QUALIFICATIONS:

  • 2+ years of experience as an Information Security Engineer, Security Operations Engineer, SOC Engineer, or security platform administrator.

  • Strong knowledge of Web/App & API Security (OWASP Top 10, WAF principles, API protection basics).

  • Hands-on SIEM engineering experience (data integration, parsing/normalization, ingestion troubleshooting).

  • Experience with XDR/EDR platforms (policy configuration, exclusions, response actions, group/tag management).

  • Vulnerability management lifecycle experience (scanning, prioritization, remediation tracking, re-testing).

  • Strong networking knowledge (TCP/IP, HTTP(S), DNS, TLS, proxy, VPN).

  • Linux and Windows administration basics.

  • Automation skills: Python and/or PowerShell, REST APIs, JSON. CI/CD or workflow automation is a plus.

  • Engineering mindset: building scalable and repeatable solutions rather than one-off fixes.

  • Strong analytical thinking and risk-based prioritization.

  • Clear communication with both technical teams and business stakeholders.

  • Ownership and ability to make decisions under pressure (incidents, production changes).

  • English proficiency: B2+.

WHY CHOOSE GROUP-IB:

  • Your happiness is important to us. We want every single team member to be happy.
  • Continuing professional development. At Group-IB, you can choose from various paths to growth: progress as an expert, advance to a management position, try your hand in another department, relocate abroad, or launch a new business area at Group-IB.
  • A team with extensive international expertise. Do you have experience but are looking for exciting challenges? By choosing us, you will be choosing complex tasks and continuously improving your skills in a fast-growing international company.
  • Globally recognized technologies. Group-IB's offices are located in seven countries and our products and services are sold in 60 countries. What’s more, Gartner, IDC, and Forrester have ranked our technologies among the best in their class. We work with over 450 international partners and about 500 clients.
  • A culture created by each of us. Group-IB’s employees speak many different languages and understand one another. We respect each other's beliefs, share common values, and strive toward the happiness of every employee.
  • Economic stability. Group-IB's sustainable growth helps careers develop rapidly, reaching levels that would take years at most other companies.

WHAT ELSE YOU SHOULD KNOW:

  • Certificates and training courses. Group-IB specialists hold over 1,000 professional certificates, including CEH, CISSP, OSCP, GIAC, MCFE, BSI, as well as some rare ones that would be a source of pride for experts in forensics, penetration testing, and reverse engineering worldwide. We have an incentive program that helps employees achieve certifications at the company's expense.
  • Challenges. A wide selection of GIB programs helps you improve soft skills, gain new competencies, and receive monetary rewards.
  • Initiative is rewarded. At Group-IB, you can bring your most daring ideas to life. The company encourages technical blogging, writing articles, building sports teams, and other creative activities.

Sounds like you? Apply now!
