Jibit

Founded in 1395 (Solar Hijri) · Computer, Information Technology and Internet · 51 to 200 employees · jibit.ir

Hiring: Operations Center (SOC) Specialist

  • Job category: IT / DevOps / Server
  • Location: Tehran, Tehran
  • Employment type: Full-time
  • Minimum work experience: Three to six years
  • Salary: Negotiable

Job Description

We are seeking an experienced SOC specialist with a strong penetration testing background to join our Security Operations Center (SOC) team. In this role, you will play a critical part in monitoring, detecting, and responding to security threats, leveraging your offensive security expertise to enhance our defensive capabilities. You will lead investigations, develop advanced detection rules, and contribute to proactive threat hunting, bridging the gap between red team and blue team operations. This is an excellent opportunity for a skilled professional to drive impact in a dynamic SOC environment.

Key Responsibilities


  • Monitor and Analyze Security Alerts: Proactively monitor and analyze security alerts and logs using SIEM tools (e.g., Splunk, ELK) to identify and prioritize potential threats, applying deep knowledge of attack vectors and exploit techniques.
  • Lead Incident Investigations: Independently investigate and respond to security incidents, correlating logs with known attack patterns and vulnerabilities to determine root causes and impact.
  • Threat Hunting: Conduct proactive threat hunting based on penetration testing insights, identifying indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) in network and system logs.
  • Advanced Log Analysis: Analyze complex logs from security devices (e.g., firewalls, WAFs, IDS/IPS) and endpoints, using pentesting knowledge to detect sophisticated attacks or post-exploitation activities.
  • SIEM Rule Development: Design, implement, and optimize SIEM use cases, dashboards, and alerts, incorporating attack scenarios derived from penetration testing methodologies.
  • Conduct Internal Penetration Tests: Perform controlled internal penetration tests or attack simulations to validate SOC detection capabilities, improve monitoring processes, and test internal services.
  • Process Improvement: Drive improvements in SOC workflows, detection rules, and incident response procedures by applying insights from offensive security practices.

Requirements


  • Experience: 1–3 years of professional experience in SOC operations, penetration testing, or a combination of offensive and defensive security roles.
  • Advanced Cybersecurity Knowledge: Strong understanding of security monitoring, incident response, and penetration testing, including the cyber kill chain, MITRE ATT&CK framework, and common exploit techniques.
  • Penetration Testing Expertise: Proficiency with penetration testing methodologies (e.g., OWASP, PTES, NIST 800-115) and tools (e.g., Metasploit, Burp Suite, Nmap, BloodHound, Kali Linux), with experience conducting web, network, or application pentests.
  • SIEM Proficiency: Hands-on experience building and managing use cases, dashboards, and alerts in SIEM platforms such as Splunk, ELK, or similar.
  • Networking and OS Expertise: In-depth knowledge of networking protocols (e.g., TCP/IP, DNS, HTTP/S), operating systems (Windows, Linux), and how vulnerabilities are exploited in these environments.
  • Analytical Skills: Exceptional analytical and problem-solving abilities, with a focus on interpreting complex logs and alerts through an attacker’s perspective.
  • Proactive Mindset: Initiative to identify gaps in detection capabilities and propose solutions based on offensive security insights.
  • Flexibility: Willingness to participate in on-call duties and rotating shifts, with the ability to respond to incidents outside regular hours.
  • Communication Skills: Ability to document findings clearly and present technical details to both technical and non-technical stakeholders.

About the Company

Jibit (JIBit), the trade name of Ivan Rayan Payam (ایوان‌رایان‌پیام), is a provider of advanced financial and online payment services for organizations and large businesses.
  • Required skills: soc, Splunk, operations center, siem, OWASP
  • Gender: No preference
  • Military service status: No preference
  • Minimum education: No preference

This job posting has expired.
