We are seeking an experienced Lead Security Software Engineer to enhance our team.
The successful candidate will have extensive knowledge in Cyber, Information, Network, and Cloud Security within Enterprise settings. They should have a proven track record in an Enterprise SOC environment and hands-on skills in configuring both SIEM and SOAR technologies to elevate the detection and response measures for security incidents.

#LI-DNI

Responsibilities

• Configuration of SIEM and SOAR solutions for seamless integration with various security tools, systems, and data sources
• Execution of tests and validation of SIEM and SOAR configurations
• Construction and deployment of detection use-cases and SIEM detection rules
• Development and rollout of SOAR remediation use-cases
• Efficiency enhancements in security operations through the creation, testing, and refinement of SOAR playbooks
• Integration and optimization of log sources with SIEM solutions for improved log ingestion and processing
• Execution of threat hunting, data enrichment, threat intelligence feed onboarding, and automated response utilization
• Generation of reports for stakeholders, accommodating both technical and non-technical audiences
• Keeping abreast with the latest SIEM technologies and advocating for continuous enhancement practices

• Minimum 5 years of experience in SIEM solutions like Azure Sentinel, Splunk, Google SecOps, QRadar, or ArcSight
• 1+ years of relevant leadership experience
• Capability to work with cloud platforms such as GCP or Azure
• Technical knowledge of internet security protocols, network protocols, IDS/IPS, firewalls, content filtering technologies, and Network Behavior Analysis tools
• Basic understanding of Windows, Linux, DB, network device monitoring, and log techniques
• Familiarity with host and network security hardening and common security risk management practices
• Fluent English communication skills at a B2+ level

• Proficiency in Python or PowerShell scripting and automation, and developing API integrations with SIEM/SOAR tools
• Familiarity with MITRE ATT&CK framework, CAPEC, and other attack frameworks
• Background in employing AI for daily security operations
• Experience with SIRP/SOAR tools including Google SecOps SOAR, TheHive, Cortex, Splunk Phantom, Demisto/XSOAR, or Resilient
• Knowledge of Splunk SPL, Splunk CIM, YARA-L 2.0, UDM, and KQL

• Career plan and real growth opportunities
• Unlimited access to LinkedIn learning solutions
• International Mobility Plan within 25 countries
• Constant training, mentoring, online corporate courses, eLearning and more
• English classes with a certified teacher
• Support for employee's initiatives (Algorithms club, toastmasters, agile club and more)
• Enjoyable working environment (Gaming room, napping area, amenities, events, sport teams and more)
• Flexible work schedule and dress code
• Collaborate in a multicultural environment and share best practices from around the globe
• Hired directly by EPAM & 100% under payroll
• Law benefits (IMSS, INFONAVIT, 25% vacation bonus)
• Major medical expenses insurance: Life, Major medical expenses with dental & visual coverage (for the employee and direct family members)
• 13 % employee savings fund, capped to the law limit
• Grocery coupons
• 30 days December bonus
• Employee Stock Purchase Plan
• 12 vacations days plus 4 floating days
• Official Mexican holidays, plus 5 extra holidays (Maundry Thursday and Friday, November 2nd, December 24th & 31st)
• Monthly non-taxable amount for the electricity and internet bills