Incident Response Engineer/SOC Analyst Tier 2+

We’re looking for Incident Response Engineer/SOC Analyst Tier 2+. Your role is critical in maintaining the overall security posture of the company by ensuring potential security incidents are swiftly identified, analyzed, and mitigated.

We’re not looking for SOC operators - we’re looking for someone who can arrange and manage the total landscape of detection and reaction to cybersecurity threats that endanger operations of our company.

Responsibilities:

• defining and refining requirements regarding monitoring of company assets to be implemented by SOC,
• ensuring that events are investigated, possible security incidents are accurately identified and investigated, analyzed, escalated, guarded against, and communicated with clarity,
• establishing procedures for classification, investigation, and resolution of security incidents,
• working closely with the security team to develop and refine SOC processes and procedures, including technical incident response plans,
• evaluating incidents identified by the SOC team, to pinpoint affected systems and/or data and the extent of attack
• carrying out in-depth analysis, including analyzing running processes, intrusion artifacts and configuration of affected systems, to find the perpetrator, vector of attack and the type of attack,
• preparing technical response plan to contain and remediate incident,
• maintaining detailed incident documentation and logs to track and report on security incidents and their resolution,
• actively monitoring network traffic and system logs for anomalies that may indicate currently unknown vulnerabilities, security gaps and/or attack vectors, and using that information to improve detection capabilities of SOC team,
• reviewing alerts, threat intelligence, and security data to suggest security strategy for long-term improvement, incident containment and recovery,
• staying up-to-date with the latest threats, vulnerabilities, and security best practices.

Requirements

• at least 3 years of experience with common cybersecurity tools and technologies, such as firewalls, IDS/IPS, endpoint protection, and network monitoring tools
• solid experience working in environment where close cooperation with SOC team is critical to proper end effective incident investigation, containment and remediation,
• proficient in incident investigation across different operating systems and software solutions
• strong understanding of network security, incident response, and threat intelligence,
• ability to analyze and interpret complex data from various sources to identify potential security threats,
• strong problem-solving skills and the ability to work under pressure in a fast-paced environment,
• excellent communication skills, with the ability to clearly articulate security risks and incidents to technical and non-technical stakeholders,
• proficiency in Polish and English, both written and verbal.

Nice to have:

• professional certifications such as CompTIA Security+, CEH, GCIH, GCIA, or similar,
• familiarity with scripting or programming languages to automate routine tasks and parse large datasets,
• prior experience in threat hunting and forensic analysis,
• knowledge of regulatory compliance and data protection standards, such as GDPR and ISO/IEC 27001, which influence SOC operations.