Overview:
SOFTSWISS continues to expand the team and is looking for an Incident Response Lead. We need a true, experienced, and accomplished professional who shares our culture and values.
The ability for SOFTSWISS to continue to operate a fast and effective service is underpinned by the scale and performance of the technology products. We are building a new tier for leadership with the technical team. In this role, you will be responsible for the Incident Response Process.
Security Team:
SOFTSWISS Security Team takes care of iGaming services protection, data privacy, and business continuity to ensure that nothing distracts satisfied customers from using our products. We work closely with the IT team that develops and supports our services, and together we create genuinely excellent and secure iGaming products.
Key responsibilities:
- Lead incident response processes & automation
- Immerse yourself in the specifics of systems and processes to achieve a balance of security and performance
- Manage security in our Cloud solutions
- Investigate security incidents and instigate remedial measures to address breaches
- Contribute to the definition of security policies and standards
Requirements:
- 5+ years of experience in information security (engineering/analyst or lead roles)
- Proven experience in incident response, including targeted threat investigation & remediation
- Strong understanding of MITRE ATT&CK Framework (attackers’ techniques knowledge)
- Solid knowledge of Windows and Linux systems, including logs and events
- Experience with SIEM tools (Splunk, ELK, etc.) + SQL querying and SOAR/IRP platforms
- Cloud security expertise (telemetry, attack techniques, investigation)
- Familiarity with SecOps processes (detection, monitoring, alerting, threat intel)
- Strong analytical and problem-solving skills
- Intermediate or higher level of English
Nice to have:
- Experience in development and automation using Bash, Python, PowerShell, Terraform, SaltStack, and/or Ansible
- Familiarity with CI/CD processes and DevOps practices
- Understanding of Kubernetes and Docker infrastructure, as well as related security threats
- Experience with ClickHouse (analysis, administration)
- Hands-on experience implementing security controls with major cloud providers (AWS, GCP, Azure)
- Digital forensics skills using open-source tools (e.g., FTK, R-Studio)
- Knowledge of open-source endpoint and infrastructure security solutions such as Auditd, Wazuh, Sysmon, AppArmor, SELinux, etc.
- Experience with Red/Blue team exercises