EPAM is seeking a talented security engineer with experience in Cyber/Information/Network/Cloud Security in Enterprise environments and decent-scale knowledge of SIEM and SOAR technologies. The ideal candidate should have a background working within an Enterprise SOC and proven hands-on experience in SIEM and SOAR configuration to enable detection of security events and incident response.

#LI-DNI

Responsibilities

• SIEM & SOAR Configuration: Configure SIEM and SOAR solutions, ensuring seamless integration with various security tools, systems, and data sources; Conduct SIEM and SOAR testing and validation
• Use Cases Development & Implementation: Develop detection use-cases and implement SIEM detection rules; Develop SOAR remediation use-cases; Create, test, and update SOAR playbooks to streamline security operations
• Log Sources Integration & Threat Hunting: Integrate log sources with SIEM, optimize log ingestion and processing; Perform threat hunting, data enrichment, threat intelligence feeds onboarding, and utilize them for automated responses
• Documentation & Reporting: Generate reports for both technical and non-technical staff and stakeholders
• Relentless Improvement: Stay up-to-date with SIEM technologies and identify opportunities for continuous improvement

• At least 3 years experience with one or more SIEM solutions (Azure Sentinel, Splunk, Google SecOps, QRadar, ArcSight, etc.)
• Knowledge of at least 1 cloud platform (GCP, Azure)
• Technical knowledge of Internet security, Network protocols, and related technologies, including IDS/IPS, firewalls, content filtering, Network Behavior Analysis tools, Anti-malware and packet inspection
• Basic understanding of Windows, Linux, DB, network device monitoring and logging techniques
• Basic understanding of host and network security hardening, and common security risk management concepts

• Proficiency in scripting and automation (e.g., Python, PowerShell), developing API integrations with SIEM/SOAR
• Familiarity with attack frameworks and knowledge bases, such as the MITRE ATT&CK framework, CAPEC, etc
• Experience with leveraging AI assistance in daily security operations
• Experience with 1 or more SIRP/SOAR tool (Google SecOps SOAR, TheHive, Cortex, Splunk Phantom, Demisto/XSOAR, Resilient etc.)
• Knowledge of Splunk Search Processing Language (SPL), Splunk Common Information Model (CIM), YARA-L 2.0, Unified Data Model (UDM), Kusto Query Language (KQL)

• Career plan and real growth opportunities
• Unlimited access to LinkedIn learning solutions
• International Mobility Plan within 25 countries
• Constant training, mentoring, online corporate courses, eLearning and more
• English classes with a certified teacher
• Support for employee's initiatives (Algorithms club, toastmasters, agile club and more)
• Enjoyable working environment (Gaming room, napping area, amenities, events, sport teams and more)
• Flexible work schedule and dress code
• Collaborate in a multicultural environment and share best practices from around the globe
• Hired directly by EPAM & 100% under payroll
• Law benefits (IMSS, INFONAVIT, 25% vacation bonus)
• Major medical expenses insurance: Life, Major medical expenses with dental & visual coverage (for the employee and direct family members)
• 13 % employee savings fund, capped to the law limit
• Grocery coupons
• 30 days December bonus
• Employee Stock Purchase Plan
• 12 vacations days plus 4 floating days
• Official Mexican holidays, plus 5 extra holidays (Maundry Thursday and Friday, November 2nd, December 24th & 31st)
• Monthly non-taxable amount for the electricity and internet bills