Senior SOC Engineer
Department: Information Security Department
Employment Type: Full Time
Location: Kazakhstan
Description
The SOC (Security Operations Center) team is responsible for monitoring and responding to security incidents across the company’s infrastructure. The team analyzes alerts, investigates suspicious activity, and maintains detection rules, response runbooks, and SIEM tools (including Splunk). They also improve detection capabilities, conduct threat hunting, and collaborate with engineering teams to strengthen security monitoring across Linux systems, cloud environments, and microservices.
Key Responsibilities
- Act as the L3 escalation point for complex security incidents and lead advanced investigations.
- Design and mature SOC processes and operational metrics, and contribute to the overall SOC architecture and detection strategy.
- Design, implement, and improve SIEM detection rules and response playbooks using a Detection as Code (DaC) approach.
- Translate MITRE ATT&CK tactics into practical detection logic across Linux, Cloud (AWS/GCP), and microservices environments.
- Drive hypothesis-based threat hunting activities to identify sophisticated, hidden attacker behavior.
- Collaborate with cross-functional and platform teams to streamline SOC workflows, improve alert enrichment, and enhance security visibility.
Skills, Knowledge and Expertise
- 5–7+ years of experience working in Security Operations Center environments, with strong hands-on experience at the SOC L3 level.
- Proven track record of building and improving SOC processes, metrics, and overall detection architecture.
- Expert-level knowledge of SIEM platforms (Splunk, Elastic, etc.), including complex correlation queries, data parsing, and normalization.
- Deep, confident knowledge of Linux systems, including host-level telemetry, container runtimes, and Kubernetes security telemetry (e.g., eBPF-based monitoring).
- Practical experience with Detection as Code methodologies and version control systems (Git).
- Deep understanding of attacker TTPs (MITRE ATT&CK) and the full incident response lifecycle.
- Strong knowledge of cloud security monitoring (AWS and/or GCP).
Nice to have
- Experience with CI/CD pipelines (GitHub Actions) for security content deployment.
- Experience building or maturing Threat Intelligence and Threat Hunting processes, including hypothesis-driven investigations.
- Relevant security certifications (SANS, Offensive Security, Linux Foundation).
Conditions & Benefits
- Stable salary, official employment.
- Health insurance.
- Hybrid work mode and flexible schedule.
- Relocation package offered for candidates from other regions.
- Access to professional counseling services including psychological, financial, and legal support.
- Discount club membership.
- Diverse internal training programs.
- Partially or fully paid additional training courses.
- All necessary work equipment.