Salary Not Disclosed
1 Vacancy
You may apply to Tietoevry by selecting Apply and filling in your application details on the form. You may also apply via LinkedIn and populate your application with details from your LinkedIn profile.
Join Tietoevry Tech Services Cyber Defence and Operations CZ and grow your career with security talents.
At Tietoevry Tech Services we're at the forefront of digital innovation, committed to protecting businesses from today's sophisticated threats. Our Cyber Defense and Operations unit is a hub of excellence composed of skilled professionals dedicated to safeguarding our clients' digital assets. We're currently seeking a SOC Incident Responder to join our dynamic team. This role offers the opportunity to work alongside seasoned experts in security threat analysis, incident response, threat detection and intelligence, and security architecture, contributing to our mission of delivering cutting-edge security solutions.
As a SOC Cybersecurity Incident Responder you'll be an integral part of our team, responsible for identifying, analyzing and mitigating cybersecurity incidents. Reporting to the Head of Global SOC, you'll collaborate with a team of professionals to ensure our clients' digital environments are secure and resilient.
Conduct in-depth incident investigations by correlating alerts, logs, endpoint telemetry and threat intelligence.
Perform root cause analysis and assess the impact of cyber incidents on business operations and critical assets.
Lead containment, eradication and recovery actions in collaboration with internal and customer teams.
Provide expert guidance to customers and internal analysts on remediation and hardening actions.
Perform forensic analysis of endpoints, servers and cloud environments (memory dumps, file system, registry, etc.).
Conduct malware analysis (static and dynamic) to understand behavior and potential impact.
Participate in and help coordinate purple teaming exercises to identify detection gaps and improve defensive capabilities.
Support or lead incident post-mortems and RCA documentation.
Participate in (or facilitate) table-top exercises and simulations to ensure incident readiness.
Possible on-call duty (rotational or ad-hoc basis, depending on case severity or service modifications).
Develop, maintain and refine incident response playbooks, workflows and guidelines.
Re-establish and continuously improve the SOC Incident Response concept, aligning it with the threat landscape and customer needs.
Document findings, lessons learned and best practices to support SOC maturity.
Design and implement new detection and response methods based on threat landscape evolution and incident learnings.
Cooperate with SIEM and SOAR teams to integrate response automation into workflows.
Mentor and support SOC Analysts (T1-T3) through knowledge sharing, case reviews and ad-hoc consulting.
Act as a subject matter expert (SME) for incident response in pre-sales, customer workshops or audits.
Contribute to service development (e.g. Incident Response Retainer, DFIR as a Service).
Liaise with customers' security teams during incidents and ensure proper escalation and communication flow.
Experience: 2-5 years of hands-on experience in cybersecurity, particularly in SOC, CSIRT or CERT environments, with a strong focus on incident response and threat handling.
Analytical Skills: Proven ability to analyze and correlate diverse telemetry sources (e.g. SIEM, EDR, NDR, logs) to identify and understand complex attack patterns.
Threat Knowledge: Deep understanding of the threat landscape, the security kill chain and attacker tactics, techniques and procedures (TTPs), ideally aligned with MITRE ATT&CK.
Technical Breadth: Strong knowledge of operating systems (Windows, Linux/*NIX), networking concepts (TCP/IP, DNS, HTTP/S, etc.) and enterprise IT environments.
Detection & Response: Demonstrated experience in threat detection across endpoints, networks and/or cloud platforms, including investigation and containment actions.
Malware & Forensics: Familiarity with malware analysis (static or dynamic), file system analysis and forensic investigation tools/processes is a strong plus.
Scripting & Automation: Experience with scripting (e.g. Python, PowerShell, Bash) for automation, enrichment or tooling is considered an advantage.
Process Mindset: Comfortable working with structured incident response procedures, playbooks and continuous process improvement initiatives.
Communication: Ability to document and explain technical incidents clearly to both technical and non-technical stakeholders.
Certifications: Holding or working towards relevant certifications such as OSCP, GCED, GCIA, GCIH, CySA, eCDFP or BTL1/2 is highly valued.
Tooling: Familiarity with the Atlassian suite (Jira, Confluence), ServiceNow or equivalent ticketing/documentation systems.
Language Skills: Fluency in English (spoken and written) is required; additional Nordic or Central European language skills are a plus.
Mindset: Self-driven, detail-oriented and comfortable in both the operational and developmental aspects of SOC Incident Response.
Purple Teaming Experience: Participation in purple team exercises or experience working with offensive tooling to simulate attacker behavior and improve detection.
Cloud Security Exposure: Experience with security monitoring and incident response in public cloud environments (Azure, AWS, GCP).
Threat Intelligence: Ability to consume, validate and operationalize threat intelligence feeds into detection and response workflows.
Tooling Development: Experience developing or enhancing internal SOC tooling (scripts, dashboards, automation frameworks, etc.).
Incident Exercises: Involvement in conducting or leading table-top exercises (TTX) or cyber drills.
Customer Interaction: Experience in handling customer communication during incidents, reporting or post-incident reviews.
SOC Improvement Projects: Background in documentation creation, playbook design and internal process optimization.
We offer:
Contract for an indefinite period of time > we count on you!
Work partially or completely remote > work from wherever it suits you.
Extra holidays > we have 25 days off plus 2 sick days.
We contribute from 10 400 CZK per year > you name it. Choose from cafeteria contributions for pension and life insurance, sports, culture, health, travel or education.
Educate yourself > we regularly organize and pay for IT courses, certifications, language training and personal development courses.
107 CZK meal allowance on top of your salary.
Reward for a new colleague > refer another colleague to us and get up to 80 000 CZK.
We'll support you when you're sick > for colleagues who are seriously ill for a long period of time, we contribute to sick pay in excess of the law.
Extra work is appreciated > when overtime is needed, we pay more than the law requires.
Stay fit and fresh > in Ostrava, use the free fitness facilities in the building; in other locations, do sports with Multisport.
Nordic culture > We believe in you. No one is breathing down your neck and checking every minute of your work. We are friendly and open.
At Tietoevry we believe in the power of diversity, equity and inclusion. We encourage applicants of all backgrounds, genders (m/f/d) and walks of life to join our team, as we believe this fosters an inspiring workplace and fuels our commitment to openness and trust; diversity is at the heart of our mission to create digital futures that benefit businesses, societies and humanity.
Full-Time