Senior Security Engineer (Detection & Response)

Relativity Poland sp. z o.o. is hiring a Senior Cyber Security Engineer to ensure the security of its network and infrastructure by investigating and analyzing emerging threats against assets, identities, and clients.

Minimum qualifications:

• 5+ years of experience in a Security Operations Center, Incident Response, or Threat Detection team.
• Strong cyber incident response skills such as network forensics, memory forensics, and/or packet analysis.
• Ability to read, write, and analyze PowerShell, C#, and Python.
• Capability to independently manage the prioritization of complex security events.
• Advanced understanding of common SOC/CIRT operational processes and documentation.
• Advanced knowledge of TCP/IP, network services, cryptography, cloud, and web application attacks.
• Ability to collaborate within a global cross-functional team to execute on high-level objectives and drive the maturation of Relativity’s security posture.
• Deep understanding of infection mechanisms, malicious behavior, exploitation techniques, and mitigating controls.
• Good understanding of tools, tactics, and procedures utilized by attackers to access private systems and data.
• Strong analytical and problem-solving skills.
• Ability to leverage programming and scripting languages to build automations and develop SOAR playbooks.

Preferred qualifications:

• 7+ years of experience in a Security Operations Center, Incident Response, or Threat Detection team for cloud applications and corporate networks.
• Exposure to threat detection development and tuning.
• Experience in software design and development.
• DevSecOps experience.
• Ability to perform threat hunting, threat emulation, and/or purple teaming exercises.
• Familiarity with industry standard security devices and their configuration.
• Experience in reverse engineering malicious code to explore infection and propagation mechanisms.
• Experience with threat intelligence tools and processes.
• Preferred certifications include GCFA, GCIA, GCIH, GNFA, GREM, OSCP, OSEP, OSED, OSWE, OSDA, OSCE3, CompTIA Security+, CCNA CyberOps, or CEH.

• Review, validation, and triage of alerts and technical analysis of log data from diverse sensors, correlated signature logic, and threat intelligence sources.
• Assess the impact of security events using host, cloud, and network-based indicators to deliver actionable incident escalations.
• Develop and deploy detection and prevention signatures with response actions as part of a layered defensive strategy using multiple technologies and data types.
• Build automation to search through collected telemetry to detect and isolate advanced threats that evade existing security solutions.
• Create Standard Operating Procedures, SOC playbooks, configuration guides, and secure standards.
• Automate incident handling processes.
• Engage in continuous research of emerging threats and apply appropriate countermeasures in a rapidly changing environment.
• Serve as a subject matter expert in the mechanism and analysis of observed malicious activity.
• Clearly document and communicate investigation findings to both technical and executive stakeholders.
• Identify and automate away technical burden.
• Build automation to deploy, operate, and connect multiple cyber security tools and applications.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other legally protected basis, in accordance with applicable law.