SOC Incident Responder - Tietoevry Tech Services (m/f/d)

Ostrava - Organica, Czechia


Tietoevry

Tietoevry creates purposeful technology. With Nordic roots and global scale, we reinvent the world, transform business and progress society.


You may apply to Tietoevry by selecting Apply and filling in your application details in the form. You may also apply using LinkedIn and populate your application with details from your LinkedIn profile.

Join Tietoevry Tech Services Cyber Defence and Operations CZ and grow your career alongside security talent.

About Us

At Tietoevry Tech Services, we're at the forefront of digital innovation, committed to protecting businesses from today's sophisticated threats. Our Cyber Defense and Operations unit is a hub of excellence, composed of skilled professionals dedicated to safeguarding our clients' digital assets. We're currently seeking a SOC Incident Responder to join our dynamic team. This role offers the opportunity to work alongside seasoned experts in security threat analysis, incident response, threat detection and intelligence, and security architecture, contributing to our mission of delivering cutting-edge security solutions.

Role Overview

As a SOC Cybersecurity Incident Responder, you'll be an integral part of our team, responsible for identifying, analyzing, and mitigating cybersecurity incidents. Reporting to the Head of Global SOC, you'll collaborate with a team of professionals to ensure our clients' digital environments are secure and resilient.

Key Responsibilities

Incident Response & Threat Handling

  • Conduct in-depth incident investigations by correlating alerts, logs, endpoint telemetry, and threat intelligence.

  • Perform root cause analysis and assess the impact of cyber incidents on business operations and critical assets.

  • Lead containment, eradication, and recovery actions in collaboration with internal and customer teams.

  • Provide expert guidance to customers and internal analysts on remediation and hardening actions.

  • Perform forensic analysis of endpoints, servers, and cloud environments (memory dumps, file system, registry, etc.).

  • Conduct malware analysis (static and dynamic) to understand behavior and potential impact.

  • Participate in and help coordinate purple teaming exercises to identify detection gaps and improve defensive capabilities.

  • Support or lead incident post-mortems and RCA documentation.

  • Participate in (or facilitate) table-top exercises and simulations to ensure incident readiness.

  • Possible on-call duty (on a rotational or ad-hoc basis, depending on case severity or service changes).

SOC Process & Capability Development

  • Develop, maintain, and refine incident response playbooks, workflows, and guidelines.

  • Re-establish and continuously improve the SOC Incident Response concept, aligning it with threat landscape and customer needs.

  • Document findings, lessons learned, and best practices to support SOC maturity.

  • Design and implement new detection and response methods based on threat landscape evolution and incident learnings.

  • Cooperate with SIEM and SOAR teams to integrate response automation into workflows.

  • Mentor and support SOC Analysts (T1–T3) through knowledge sharing, case reviews, and ad-hoc consulting.

Optional/Strategic Additions

  • Act as a subject matter expert (SME) for incident response in pre-sales, customer workshops, or audits.

  • Contribute to service development (e.g., Incident Response Retainer, DFIR as a Service).

  • Liaise with customers’ security teams during incidents and ensure proper escalation and communication flow.

Ideal Candidate Profile

General

  • Experience: 2–5 years of hands-on experience in cybersecurity, particularly in SOC, CSIRT, or CERT environments, with a strong focus on incident response and threat handling.

  • Analytical Skills: Proven ability to analyze and correlate diverse telemetry sources (e.g., SIEM, EDR, NDR, logs) to identify and understand complex attack patterns.

  • Threat Knowledge: Deep understanding of the threat landscape, security kill chain, and attacker techniques, tactics, and procedures (TTPs), ideally aligned with MITRE ATT&CK.

  • Technical Breadth: Strong knowledge of operating systems (Windows, Linux/*NIX), networking concepts (TCP/IP, DNS, HTTP/S, etc.), and enterprise IT environments.

  • Detection & Response: Demonstrated experience in threat detection across endpoints, networks, and/or cloud platforms, including investigation and containment actions.

  • Malware & Forensics: Familiarity with malware analysis (static or dynamic), file system analysis, and forensic investigation tools/processes is a strong plus.

  • Scripting & Automation: Experience with scripting (e.g., Python, PowerShell, Bash) for automation, enrichment, or tooling is considered an advantage.

  • Process Mindset: Comfortable working with structured incident response procedures, playbooks, and continuous process improvement initiatives.

  • Communication: Ability to document and explain technical incidents clearly to both technical and non-technical stakeholders.

Qualifications

  • Certifications: Holding or working towards relevant certifications such as OSCP, GCED, GCIA, GCIH, CySA+, eCDFP, BTL1/2 is highly valued.

  • Tooling: Familiarity with the Atlassian suite (Jira, Confluence), ServiceNow, or equivalent ticketing/documentation systems.

  • Language Skills: Fluency in English (spoken and written) is required; additional Nordic or Central European language skills are a plus.

  • Mindset: Self-driven, detail-oriented, and comfortable in both operational and developmental aspects of SOC Incident Response.

Nice to Have

  • Purple Teaming Experience: Participation in purple team exercises, or experience working with offensive tooling to simulate attacker behavior and improve detection.

  • Cloud Security Exposure: Experience with security monitoring and incident response in public cloud environments (Azure, AWS, GCP).

  • Threat Intelligence: Ability to consume, validate, and operationalize threat intelligence feeds into detection and response workflows.

  • Tooling Development: Experience developing or enhancing internal SOC tooling (scripts, dashboards, automation frameworks, etc.).

  • Incident Exercises: Involvement in conducting or leading table-top exercises (TTX) or cyber drills.

  • Customer Interaction: Experience in handling customer communication during incidents, reporting, or post-incident reviews.

  • SOC Improvement Projects: Background in documentation creation, playbook design, and internal process optimization.

We offer:

  • Contract for an indefinite period > we count on you!

  • Work partially or completely remotely > work from wherever it suits you

  • Extra holidays > 25 days off plus 2 sick days

  • We contribute from 10 400 CZK per year > you name it. Choose from contributions for pension and life insurance, sports, culture, health, travel or education in the cafeteria benefits system

  • Educate yourself > we regularly organize and pay for IT courses, certifications, language training and personal development courses

  • 107 CZK meal allowance on top of your salary

  • Reward for a new colleague > refer a colleague to us and get up to 80,000 CZK

  • We'll support you when you're sick > for colleagues who are seriously ill for a long period, we top up sick pay beyond what the law requires

  • Extra work is appreciated > when overtime is needed, we pay more than the law requires

  • Stay fit and fresh > in Ostrava, use the free fitness facilities in the building; in other locations, do sports with Multisport

  • Nordic culture > we believe in you. No one is breathing down your neck checking every minute of your work. We are friendly and open.


At Tietoevry, we believe in the power of diversity, equity, and inclusion. We encourage applicants of all backgrounds, genders (m/f/d), and walks of life to join our team, as we believe that this fosters an inspiring workplace and fuels innovation. Our commitment to openness, trust, and diversity is at the heart of our mission to create digital futures that benefit businesses, societies, and humanity.
