The SOC (Security Operations Center) team is responsible for monitoring and responding to security incidents across the company’s infrastructure. The team analyzes alerts, investigates suspicious activity, and maintains detection rules, response runbooks, and SIEM tools (including Splunk). They also improve detection capabilities, conduct threat hunting, and collaborate with engineering teams to strengthen security monitoring across Linux systems, cloud environments, and microservices.
- Act as the L3 escalation point for complex security incidents and lead advanced investigations.
- Design and mature SOC processes and operational metrics, and contribute to the overall SOC architecture and detection strategy.
- Design, implement, and improve SIEM detection rules and response playbooks using a Detection as Code (DaC) approach.
- Translate MITRE ATT&CK tactics into practical detection logic across Linux, Cloud (AWS/GCP), and microservices environments.
- Drive hypothesis-based threat hunting activities to identify sophisticated, hidden attacker behavior.
- Collaborate with cross-functional and platform teams to streamline SOC workflows, improve alert enrichment, and enhance security visibility.
- 5–7+ years of experience working in Security Operations Center environments, with strong hands-on experience at the SOC L3 level.
- Proven track record of building and improving SOC processes, metrics, and overall detection architecture.
- Expert-level knowledge of SIEM platforms (Splunk, Elastic, etc.), including complex correlation queries, data parsing, and normalization.
- Deep, confident knowledge of Linux systems, including host-level telemetry, container runtimes, and Kubernetes security telemetry (e.g., eBPF-based monitoring).
- Practical experience with Detection as Code methodologies and version control systems (Git).
- Deep understanding of attacker TTPs (MITRE ATT&CK) and the full incident response lifecycle.
- Strong knowledge of Cloud security monitoring (AWS and/or GCP).
Nice to have
- Experience with CI/CD pipelines (GitHub Actions) for security content deployment.
- Experience building or maturing Threat Intelligence and Threat Hunting processes, including hypothesis-driven investigations.
- Relevant security certifications (SANS, Offensive Security, Linux Foundation).
- Help us challenge injustice by creating fair choices for millions of people across 1100+ cities in 48 countries.
- Develop your professional skills with access to mentoring, career consulting, and learning programs.
- Collaborate with teams around the world and gain international experience through our Global Talent Exchange Program.
- Engage in company-wide challenges, awards, sports activities, employee-led social impact and volunteering projects.
- Work alongside people who take initiative, speak openly, and challenge themselves to grow.
- Improve your language skills through co-financed courses and internal speaking clubs.
Final benefits may vary depending on the location.