Blue Team Engineer

The company is seeking its first Blue Team Engineer to design, build, and operate its Security Operations capability. This role will be responsible for implementing monitoring, detection, and response processes while laying the foundation for a future SOC team. The engineer will be both hands- on and strategic, combining deep technical expertise with the ability to shape security operations and guide future hires.
Key Responsibilities1. SOC Development & Operations

Develop and maintain detection rules, alert logic, and security monitoring use cases.
Integration of AI solutions into the SOC system.
Support the design, implementation, and day- to- day operation of the company’s SOC capabilities (SIEM, EDR, log management, network security (IDS/IPS), monitoring pipelines, SOAR).

Threat Detection, Response & DFIR

Contribute to the development of DFIR processes, playbooks, escalation paths, and evidence- handling procedures.
Engage in proactive threat hunting aligned with MITRE ATT&CK and threat intelligence feeds.
Monitor and investigate security events, conduct root cause analysis, and participate in containment and remediation activities.

Security Operations Support

Support privileged access management (PAM) implementation and monitoring.
Participate in business continuity and disaster recovery planning, including testing and improvement of response processes.
Provide input into threat intelligence collection, analysis, and operational integration.
Contribute to vulnerability management, patch management, and secure configuration management initiatives.

Continuous Improvement & Collaboration

Collaborate with IT, AppSec, and Red Team functions to improve defenses and close security gaps.
Document findings, lessons learned, and recommendations for enhancing overall security posture.
Integrating AI solutions into the proactive defense system.
Partially contribute to security policies, standards, and compliance initiatives (ISO 27001, SOC2, etc.) and collaborate with the GRC team.
Assist in tabletop exercises, simulations, and training activities to validate incident response readiness.

We are looking for a highly motivated person with:

Foundation skills in malware analysis.
Can do attitude, gets things done
Strong critical thinking and analytical skills
2- 3+ years of experience in security operations, blue team engineering, or incident response.
Experience with scripting/automation (Python, PowerShell, Bash, etc.).
A proactive attitude & the ability to think outside of the box
Strong experience with SIEM platforms (e.g., ELK Stack, Wazuh, Splunk, Graylog), EDR tools, IDS/IPS, and network security.
Hands- on expertise in log analysis, network traffic analysis, memory and application forensics, and endpoint forensics.
Works in an organised, structured manner
Excellent communication skills with diverse audiences

Nice- to- have:

Relevant certifications: CompTIA Security+, GCIA, GCIH, GCFA, CHFI, CCD, BTL1 or equivalent.
Experience leading or mentoring SOC analysts or security engineers.
English communication.
Solid understanding of security frameworks and methodologies (MITRE ATT&CK, NIST CSF).

Chế độ bảo hiểm, Du Lịch, Phụ cấp, Chế độ thưởng, Chăm sóc sức khỏe, Đào tạo, Tăng lương, Công tác phí, Nghỉ phép năm

Cập nhật gần nhất lúc: 2025-10-30 11:50:03