Incident Response Analyst

SOFTSWISS is seeking an experienced Incident Response Analyst to join their expanding team. This role involves protecting iGaming services by working closely with IT and product teams to ensure security and stability across the ecosystem. Key responsibilities include upgrading SOC processes, responding to cybersecurity incidents, investigating security breaches, and implementing remedial measures. The position follows a 2-on-2-off rotating schedule with 12-hour day and night shifts.

Must Have

• Upgrade SOC processes & response automation
• Respond to cybersecurity incidents
• Immerse in system specifics for security and performance balance
• Investigate security incidents and instigate remedial measures
• Experience with SIEM, EDR, IDS/IPS, IRP/SOAR events analysis
• Familiarity with SecOps processes (monitoring, triaging, investigating, threat intelligence)
• Strong investigative and analytical problem-solving skills
• 1+ year experience as information security engineer/analyst
• Intermediate or higher English proficiency
• Intermediate or higher Russian proficiency
• Ability to work 2-on-2-off rotating schedule (12-hour day/night shifts)

Good to Have

• Expertise in network, host, and cloud-based analysis and investigation
• Experience with AWS, Azure, GCP, Kubernetes, Docker infrastructure and related attack vectors
• Strong understanding of attack pipelines (MITRE ATT&CK Framework, Cyber Kill-Chain)
• Experience with Clickhouse, Splunk, Kafka, ELK, Graylog
• Strong Linux system administration experience
• Familiarity with CI/CD, software development lifecycle, Infrastructure-as-Code (Terraform/Ansible/etc)
• Proficiency in automation (Bash/PowerShell, Python)
• Experience with log collection, delivery, and normalisation
• Strong knowledge in open-source endpoint & infrastructure security tools (Audit.d, Sysmon, AppArmor, SELinux, etc.)
• Basic static and dynamic malware analysis
• Offensive experience (penetration testing, red teaming)

Overview:

SOFTSWISS continues to expand the team and is looking for an Incident Response Analyst. We need a true, experienced, and accomplished professional who shares our culture and values.

Purpose of the Role:

You’ll help protect our iGaming services, working closely with IT and product teams to ensure security and stability across our ecosystem.

Key Responsibilities:

• Upgrade SOC processes & response automation
• Respond to cybersecurity incidents
• Immerse yourself in the specifics of systems and processes to achieve a balance of security and performance
• Investigate security incidents and instigate remedial measures to address breaches

• This position follows a 2-on-2-off rotating schedule:
• 12-hour day shift
• Followed by a 12-hour night shift the next day
• Then 2 days off

Our stack:

• Splunk, Clickhouse, Gitlab, Python, ELK, Wazuh

Required Experience:

• Experience with SIEM, EDR, IDS/IPS, IRP/SOAR events analysis
• Familiarity with SecOps processes (monitoring, triaging, investigating, threat intelligence)
• Strong investigative and analytical problem-solving skills
• 1+ year of experience as an information security engineer/analyst
• Intermediate or higher proficiency in English and Russian

Nice to Have:

• Expertise in network, host, and cloud-based analysis and investigation.
• Experience with AWS, Azure, GCP, Kubernetes, Docker infrastructure and related attack vectors.
• Strong understanding of attack pipelines (MITRE ATT&CK Framework, Cyber Kill-Chain).
• Experience with Clickhouse, Splunk, Kafka, ELK, Graylog, etc.
• Strong Linux system administration experience.
• Familiarity with CI/CD, software development lifecycle, Infrastructure-as-Code (Terraform/Ansible/etc).
• Proficiency in automation (Bash/PowerShell, Python).
• Experience with log collection, delivery, and normalisation.
• Strong knowledge in open-source endpoint & infrastructure security tools (Audit.d, Sysmon, AppArmor, SELinux, etc.).
• Basic static and dynamic malware analysis.
• Offensive experience (penetration testing, red teaming)

Learn more about our hiring process here (link)_ – what to expect, how to prepare, and what makes SOFTSWISS different.