Incident Response Analyst at Talentgrator | Torre

Incident Response Analyst

You'll proactively protect infrastructure, build advanced detections, and reduce response times in critical security operations.
Full-time

Legal agreement: Employment

Provide your expected compensation while applying
Remote (for Czechia residents)
Shared by
Emma of Torre.ai
about 1 month ago

Requirements and responsibilities


We are looking for an Incident Response Analyst to join our Security team and operate on the front line of protecting the company’s infrastructure and services. This role is for someone who goes beyond simply reviewing alerts — you investigate incidents deeply, build detection logic, and reduce response time proactively, without waiting for attacks to become obvious.

*Our team is Russian-speaking, so we’re currently looking for candidates with Russian as a native language to ensure smooth and comfortable communication within the team.

Description

What We Expect

- 3+ years of experience in Incident Response or Security Operations
- Hands-on experience with SIEM platforms (Splunk, ELK/OpenSearch, Graylog, or similar)
- Ability to read and interpret logs: OS (Linux/Windows/macOS), network, applications, cloud
- Understanding of network protocols and traffic analysis (Wireshark, Zeek, etc.)
- Knowledge of attacker tactics and techniques (MITRE ATT&CK, kill chain, IOC/TTP)
- Ability to independently lead investigations from alert to final report
- Scripting skills for automation (Python / Bash)
- Basic understanding of integrating LLM-based tools

Nice to Have

- Experience with SOAR platforms and building playbooks
- Experience with EDR/XDR solutions (CrowdStrike, SentinelOne, etc.)
- Participation in CTFs, red team / blue team exercises, or pentesting
- Experience with cloud logs (AWS CloudTrail, GCP Audit Logs, etc.)
- Experience integrating security tools via APIs and automating response using LLM

Requirements

- Work with WAF: analyze anomalous traffic, respond to web attacks, fine-tune rules
- Work with DLP and MDM: investigate data leaks, analyze policy violations, collaborate with teams on findings
- Monitor and triage alerts in SIEM: analyze events, classify incidents, prioritize response
- Integrate new log sources into SIEM: normalization, parsing, enrichment
- Develop and improve detection rules, correlation rules, and dashboards
- Reduce MTTR: identify bottlenecks in response processes, implement automation and runbooks
- Participate in incident post-mortems and provide actionable recommendations
- Conduct security incident investigations: collect artifacts, reconstruct timelines, perform root cause analysis (RCA)

Benefits

- 25 vacation days and 5 family days yearly
- Flexible start to the workday
- Support from a professional corporate coach and psychologist
- Regular internal and external activities, workshops, trips, and corporate events
- Access to our internal knowledge base, meetups, and team-building activities
- Ongoing training in new technologies and continuous professional development support