SOFTSWISS

Incident Response Analyst – Middle

Remote | Full-time | Middle | World | Management

Overview

SOFTSWISS is hiring an Incident Response Analyst to join our Security Operations team. We are looking for a hands-on specialist who will be responsible for detecting, investigating, and responding to security incidents, while continuously improving SOC processes and automation to ensure fast and effective threat mitigation.

Purpose of the role

In this role, you will be responsible for monitoring and responding to cybersecurity incidents, conducting in-depth investigations, and implementing remediation measures to prevent future threats. You will work closely with internal systems and processes to balance security and performance, while contributing to the development and automation of SOC workflows to improve overall incident response efficiency.

What you'll do

  • Improve SOC processes and response automation.
  • Respond to cybersecurity incidents.
  • Immerse yourself in the specifics of our systems and processes to strike a balance between security and performance.
  • Investigate security incidents and initiate remediation to address breaches.
  • The position operates on a 2-on-2-off shift pattern: a 12-hour day shift, a 12-hour night shift the following day, then 2 days off.

Tech stack

  • Splunk
  • ClickHouse
  • GitLab
  • Python
  • ELK
  • Wazuh

Who you are

Required Experience

  • Hands-on experience analysing events from SIEM, EDR, IDS/IPS, and IRP/SOAR platforms.
  • Familiarity with SecOps processes, e.g., monitoring, triage, investigation, and threat intelligence.
  • More than one year of experience as an information security engineer/analyst.
  • Strong investigative and analytical problem-solving skills.
  • Intermediate or higher English level.

Nice to have

  • Experience with ClickHouse, Splunk, Kafka, ELK, Graylog, etc.
  • Strong Linux system administration experience.
  • Expertise in network, host, and cloud-based analysis and investigation.
  • Experience with AWS, Azure, GCP, Kubernetes (k8s), and Docker infrastructure, and familiarity with attacks against them.
  • A strong understanding of attack pipelines (MITRE ATT&CK Framework, Cyber Kill Chain).
  • Familiarity with CI/CD, the software development lifecycle, and Infrastructure-as-Code (Terraform, Ansible, etc.).
  • Proficiency in automation (Bash/PowerShell, Python).
  • Experience with log collection, delivery, and normalization.
  • Strong knowledge of open source endpoint and infrastructure security tooling, such as auditd, Sysmon, AppArmor, SELinux, etc.
  • Fundamentals of static and dynamic malware analysis.
  • Offensive experience (penetration testing, red teaming).

Team & benefits

Join our Security Operations team dedicated to proactive threat detection, rapid incident response, and continuous improvement of security workflows.

Main advantages

  • Private insurance (depending on contract type)
  • Paid gym membership
  • Comprehensive Mental Health Program
  • Free English lessons (online)
  • Local language courses
  • +1 day off per calendar year
  • Referral program rewards
  • Upskilling, internal workshops, and participation in professional conferences and corporate events

Ready to apply for this role?

Apply Now →
