SOC Engineer

About Exness

Exness is a multi-asset broker with an international team of approximately 1,800 people, a third of whom work in the Technology, Data and Security offices. Our goal in Exness is to develop exceptional products that will help experienced traders to trade various assets with better-than-market conditions.

Since our founding in 2008, we work with the firm belief that trading can - and should - be ethical. And so we developed proprietary algorithms and services to give our clients the most effective trading tools and conditions in the industry. Ambitious business goals balanced by genuine care for our customers and a healthy level of technical perfectionism define our model. And thanks to this approach, in 2022, our monthly trading volume reached $2.7 trillion, and the number of active users exceeded 320,000 people worldwide.

Our chosen path encourages employees to deepen their technical expertise, rely on scientific methods, and seek innovative solutions. We work on a modern stack without having to deal with excess legacy, and our architecture stands on k8s, PostgreSQL, Redis, Kafka, REST or gRPC as an alternative. We use the GitOps through Gitlab CI approach and cover everything with automated integration testing. Some of our teams' favorites are ClickHouse, MongoDB, React, and Flink.

Our clusters are automatically managed through the code and can handle thousands of events per second. We use Kafka to decentralize our service, and the main languages our tech team uses are Python and Go while in the Trading Core, we also use C++ and C#.

For the front-end, we use React, and most of the projects are TypeScript SPAs using technologies such as Web-sockets, Service Worker, PWA, Web-push, AB-testing, and Webpack Federation.

The people we’ve brought together come from many different countries with vast experience from leading IT companies. Although some of them work remotely, our main development office is located in Limassol, Cyprus. Any colleague who wants to relocate to Cyprus, whether alone or with family, will be provided with exceptional support, including a corporate MINI Countryman and financial allowance for private schools and kindergartens.

Our teams are constantly expanding and we’re always seeking the best talent to join us in providing the best possible trading experience to our clients. So check out the many exciting vacancies we have on our career website.

Position

You are a hands-on technical expert and work side by side with your teammates, constantly empowering them to do more. You use your industry experience to proactively detect and respond to cyber threats. You are closely cooperating with our infrastructure and application security teams to enhance our security posture and prevent possible attacks in future. You are passionate about threat hunting, detection engineering and responding to cyber threats using modern security solutions. You always wanted to become a part of a world-class Security Operations Center and bring your value to it.

About your team:

We are an actively growing security operations center team which uses modern threats detection approaches and solutions. We are proud of the high level of responsibility and results of our work. This motivates us to grow and contribute more to the company's success!

Our security operation center engineers work with SIEM, EDRs, k8s, Vault, Cloud platforms (Azure, AWS, GCP), WAF and actively use DevSecOps approaches to automate routine operations (SecOps, Python/Go).

Our close-knit team strives to grow each team member as our business grows.

You will:

• Analyze infrastructure of the company and find useful events sources which may aid in threats detection
• Design events collection, transformation and enriching procedures using our internal data model and infrastructure knowledge
• Evaluate EDR solutions against adversaries TTPs, find detections gaps and tune configurations
• Emulate adversary TTPs and various threats to find detection ideas and useful telemetry
• Conduct detection engineering and threat research to write precise and balanced detection rules
• Conduct threat hunting exercises using your curiosity and hypothesis-driven approach
• Constantly tune detection rules to minimize FP rate and maintain high threats coverage rate
• Closely work with infrastructure and application security teams to provide your feedback based on SOC collected telemetry
• Leverage Threat Intelligence analysis to learn new detection ideas and improve your knowledge of current threat landscape
• Conduct live incident response in order to define the scope, investigate, contain and remediate cyber threats
• Collect and analyze digital forensics artifacts
• Reverse engineer malware specimens to extract IOAs/IOCs to support triage and incident response procedures
• Generate detection ideas and design custom detection rules to mitigate various company's business risks

Your qualification

• 5+ years of experience in Information Security field
• 3+ years of experience as SOC Analyst
• 2+ years of incident response experience
• Understand principles of the modern endpoint protection solutions like EDRs, their capabilities, strong and weak sides
• Understand main OS security mechanisms and internals: Windows/Linux/macOS (at least one)
• Understand modern cloud platforms: Azure/AWS/GCP (at least one), its services, sources of events, collection options, possible attacks and detection approaches
• Understand current Threat landscape and MITRE ATT&CK TTPs for various endpoint platforms
• Understand network security, main protocols, attacks, detection approaches and solutions
• Ability to think like an adversary in order to predict its behavior and possible attack vectors
• Ability to react rapidly and quickly make decisions during incident response
• Hands-on experience with Sysmon, Auditbeat/OSquery, Cloud platforms, Elastic Stack/Splunk
• Hands-on experience with forensics and malware analysis
• Proficiency in one of the following languages: Go, Python, Bash
• Broad spectrum of tech knowledge in the following areas (at least part of the list): Linux, Docker, Kubernetes, Cisco ASA, Palo Alto Networks, macOS, Microsoft Windows/Active Directory, SSO solutions, Office 365/Google Workspace
• Ability to leverage business communication skills to inform, convince, and educate stakeholders, employees, and leadership to enable effective information security activities and processes
• Ability to solve complex tasks in cooperation with other security and business divisions
• Ability to work with high autonomy in compliance with deadlines
• English language (Upper-Intermediate or higher)
• General acquaintance with regulatory frameworks and compliance requirements associated with financial services is a plus
• Industry certifications like OSCP, OSEP, OSMR, PACES, OSDA, eCPTX, GCFA is a big plus
• Azure/AWS/GCP security or administration certifications is a big plus

What we offer

• A fairly estimated and attractive package (competitive salary based on your expectations and internal benchmark) with the ability to start working remotely anywhere in the world
• Company Car - the company will provide Exness-branded cars to those who relocated, parking near the office or a bus tickets
• We’ll pay school or kindergarten fees (Annual Registration or Tuition Fees, Regular term fees, Half day service to kindergartens) for your children between 0 years - 18 years, up to three (3) children
• L&D - support your need to replenish your knowledge and acquire new skills to do your job better via Continuous product education, Professional training & Certifications, Soft skill training, Language classes, and our very own Exness library
• Sports Benefits - Our very own Sports Club with dedicated coaches doing group and individual training, on-site and online, sharing healthy recipes and life hacks + Free Sanctum Club Membership for you and your spouse. Jet Skis (if you have a speed boat operator license)
• Medical - in addition to having a Corporate Doctor, we cooperate with one of the biggest international insurance companies in order to provide medical insurance for you and your families. Coverage is provided for you, your spouse, and your children up to 18 years old. It includes Inpatient, Outpatient, and international support