Incident Response Engineer/SOC Analyst Tier 2+

Techland is one of the biggest and best-known Polish game developers with studios in Wroclaw and Warsaw. For over 30 years, we've carried a tradition of providing gamers with unforgettable experiences. We're an international team of over 400 highly-skilled professionals driven by a passion for gaming, always striving for the best quality. 

We’re fueled by the support of our global community built on the foundation of successful AAA franchises such as Call of Juarez, Dead Island, or Dying Light. The gamers' trust in our games has resulted in our newest project, Dying Light 2 Stay Human, selling more than 5 million copies across all platforms within the first month after release. 

On top of continuously growing the world of Dying Light through a robust post-launch support plan for Dying Light 2 Stay Human, we're also working on an unannounced AAA Open World Action RPG set in a brand new fantasy universe; our biggest project to date. 

Techland's mission strictly determines every aspect of our work: we want to create unforgettable experiences.

We’re looking for Incident Response Engineer/SOC Analyst Tier 2+. Your role is critical in maintaining the overall security posture of the company by ensuring potential security incidents are swiftly identified, analyzed, and mitigated.

We’re not looking for SOC operators - we’re looking for someone who can arrange and manage the total landscape of detection and reaction to cybersecurity threats that endanger operations of our company.

Responsibilities:

• defining and refining requirements regarding monitoring of company assets to be implemented by SOC,
• ensuring that events are investigated, possible security incidents are accurately identified and investigated, analyzed, escalated, guarded against, and communicated with clarity,
• establishing procedures for classification, investigation, and resolution of security incidents,
• working closely with the security team to develop and refine SOC processes and procedures, including technical incident response plans,
• evaluating incidents identified by the SOC team, to pinpoint affected systems and/or data and the extent of attack
• carrying out in-depth analysis, including analyzing running processes, intrusion artifacts and configuration of affected systems, to find the perpetrator, vector of attack and the type of attack,
• preparing technical response plan to contain and remediate incident,
• maintaining detailed incident documentation and logs to track and report on security incidents and their resolution,
• actively monitoring network traffic and system logs for anomalies that may indicate currently unknown vulnerabilities, security gaps and/or attack vectors, and using that information to improve detection capabilities of SOC team,
• reviewing alerts, threat intelligence, and security data to suggest security strategy for long-term improvement, incident containment and recovery,
• staying up-to-date with the latest threats, vulnerabilities, and security best practices.

• at least 3 years of experience with common cybersecurity tools and technologies, such as firewalls, IDS/IPS, endpoint protection, and network monitoring tools
• solid experience working in environment where close cooperation with SOC team is critical to proper end effective incident investigation, containment and remediation,
• proficient in incident investigation across different operating systems and software solutions
• strong understanding of network security, incident response, and threat intelligence,
• ability to analyze and interpret complex data from various sources to identify potential security threats,
• strong problem-solving skills and the ability to work under pressure in a fast-paced environment,
• excellent communication skills, with the ability to clearly articulate security risks and incidents to technical and non-technical stakeholders,
• proficiency in Polish and English, both written and verbal.

Nice to have:

• professional certifications such as CompTIA Security+, CEH, GCIH, GCIA, or similar,
• familiarity with scripting or programming languages to automate routine tasks and parse large datasets,
• prior experience in threat hunting and forensic analysis,
• knowledge of regulatory compliance and data protection standards, such as GDPR and ISO/IEC 27001, which influence SOC operations.

What we can offer:

• a wide array of benefits: private medical care, life insurance, relocation support, pro-health campaigns, psychological support, gifts for different occasions, bonuses,
• an outstanding work atmosphere in a highly-skilled team of professionals, with flexible working hours, no dress code, and full support of the dedicated HR Business Partner,
• a constant stream of company newsletters, PR & project updates so you will always be in the know,
• many opportunities for personal development: a dedicated development budget for each employee, extra two paid days for training and CSR, stable career paths, extensive internal and external training, and financing of English and Polish language classes,
• state-of-the-art offices filled with chillout zones, a fully equipped kitchen, a gym (Wrocław office), and a free underground car park (Wrocław office).