We are seeking an experienced Lead Security Software Engineer to enhance our team.
The successful candidate will have extensive knowledge in Cyber, Information, Network, and Cloud Security within Enterprise settings. They should have a proven track record in an Enterprise SOC environment and hands-on skills in configuring both SIEM and SOAR technologies to elevate the detection and response measures for security incidents.
Req.#720143286

#LI-DNI

Responsibilities

• Configuration of SIEM and SOAR solutions for seamless integration with various security tools, systems, and data sources
• Execution of tests and validation of SIEM and SOAR configurations
• Construction and deployment of detection use-cases and SIEM detection rules
• Development and rollout of SOAR remediation use-cases
• Efficiency enhancements in security operations through the creation, testing, and refinement of SOAR playbooks
• Integration and optimization of log sources with SIEM solutions for improved log ingestion and processing
• Execution of threat hunting, data enrichment, threat intelligence feed onboarding, and automated response utilization
• Generation of reports for stakeholders, accommodating both technical and non-technical audiences
• Keeping abreast with the latest SIEM technologies and advocating for continuous enhancement practices

• Minimum 5 years of experience in SIEM solutions like Azure Sentinel, Splunk, Google SecOps, QRadar, or ArcSight
• 1+ years of relevant leadership experience
• Capability to work with cloud platforms such as GCP or Azure
• Technical knowledge of internet security protocols, network protocols, IDS/IPS, firewalls, content filtering technologies, and Network Behavior Analysis tools
• Basic understanding of Windows, Linux, DB, network device monitoring, and log techniques
• Familiarity with host and network security hardening and common security risk management practices
• Fluent English communication skills at a B2+ level

• Proficiency in Python or PowerShell scripting and automation, and developing API integrations with SIEM/SOAR tools
• Familiarity with MITRE ATT&CK framework, CAPEC, and other attack frameworks
• Background in employing AI for daily security operations
• Experience with SIRP/SOAR tools including Google SecOps SOAR, TheHive, Cortex, Splunk Phantom, Demisto/XSOAR, or Resilient
• Knowledge of Splunk SPL, Splunk CIM, YARA-L 2.0, UDM, and KQL

• Medical, Dental and Vision Insurance (Subsidized)
• Health Savings Account
• Flexible Spending Accounts (Healthcare, Dependent Care, Commuter)
• Short-Term and Long-Term Disability (Company Provided)
• Life and AD&D Insurance (Company Provided)
• Employee Assistance Program
• Unlimited access to LinkedIn learning solutions
• Matched 401(k) Retirement Savings Plan
• Paid Time Off - the employee will be eligible to accrue 15-25 paid days, depending on specific level and tenure with EPAM (accrual eligibility may change over time)
• Paid Holidays - nine (9) total per year
• Legal Plan and Identity Theft Protection
• Accident Insurance
• Employee Discounts
• Pet Insurance
• Employee Stock Purchase Program
• If otherwise eligible, participation in the discretionary annual bonus program
• If otherwise eligible and hired into a qualifying level, participation in the discretionary Long-Term Incentive (LTI) Program