What makes the role special

In this role, you will go far beyond simple alert triage — you’ll take full ownership of complex incidents, investigate advanced attacks, and directly contribute to neutralizing threats for international clients. It’s a position that combines deep technical analysis, hands-on response, and mentorship, while giving you a fast track toward senior roles such as L3 Incident Response, Threat Intelligence, Malware Analysis, or Threat Hunting. Along the way, you’ll master advanced security tooling, shape detection logic, and turn your findings into actionable intelligence that strengthens both our team and our clients’ defenses.

Tasks to solve

• Investigate and respond to complex security incidents escalated from L1.

• Correlate endpoint, network, and log data to identify root cause and impact.

• Lead the full incident lifecycle: containment, forensics, remediation, reporting.

• Conduct malware, phishing, and forensic analysis to uncover attacker techniques.

• Perform proactive threat hunting and suggest improvements to detection logic.

• Mentor L1 analysts and create clear incident reports for stakeholders.

Requirements

• 1–3 years in SOC (L2) or similar role.

• Hands-on experience with incident response, forensics, and malware analysis.

• Strong knowledge of Windows/Linux/Mac artifacts, log and network analysis.

• Familiarity with MITRE ATT&CK and threat hunting approaches.

• Experience with SIEM, EDR/XDR, NDR; scripting (Python/PowerShell) is a plus.

• Strong analytical thinking and ability to work with incomplete data.

• Clear communication with both technical and business audiences.

• Ownership, autonomy, and willingness to mentor others.

• English B2+ for professional communication.

Nice to have:

Relevant certifications (e.g. GCIH, GCFA, GCFE, GNFA, GREM, eCIR, eCTHP, eCDFP).

Why choose Group-IB:

• Your happiness is important to us. We want every single team member to be happy.
• Continuing professional development. At Group-IB, you can choose from various paths to growth: progress as an expert, advance to a management position, try your hand in another department, relocate abroad, or launch a new business area at Group-IB.
• A team with extensive international expertise. Do you have experience but are looking for exciting challenges? By choosing us, you will be choosing complex tasks and continuously improving your skills in a fast-growing international company.
• Globally recognized technologies. Group-IB's offices are located in seven countries and our products and services are sold in 60 countries. What’s more, Gartner, IDC, and Forrester have ranked our technologies among the best in their class. We work with over 450 international partners and about 500 clients.
• A culture created by each of us. Group-IB’s employees speak many different languages and understand one another. We respect each other's beliefs, share common values, and strive toward the happiness of every employee.
• Economic stability. Group-IB's sustainable growth helps rapidly develop careers that would take years to progress as far as most other companies.

What else you should know:

• Health. If anything goes wrong, don’t worry — we offer health insurance.
• Certificates and training courses. Group-IB specialists hold over 1,000 professional certificates, including CEH, CISSP, OSCP, GIAC, MCFE, BSI, as well as some rare ones that would be a source of pride for experts in forensics, penetration testing, and reverse engineering worldwide. We have an incentive program that helps employees achieve certifications at the company's expense.
• Challenges. A wide selection of GIB programs helps you improve soft skills, gain new competencies, and receive monetary rewards.
• The initiative is rewarded. At Group-IB, you can bring your most daring ideas to life. The company encourages technical blogging, writing articles, building sports teams, and other creative activities.

Sounds like you? Apply now!