JSC Georgian Card is looking for a SOC Engineer to join our team.


As the SOC Engineer at JSC Georgian Card, you will be responsible for the engineering, development, and continuous improvement of the technical content and platforms that power our Security Operations Center. You will design, implement, and tune detection content across SIEM, EDR, and other security tools, while also developing automated response playbooks. You will serve as the technical escalation point for our security analysts, analyzing complex incidents and translating lessons learned into improved defenses. If you are a proactive, analytical, and technically skilled professional dedicated to enhancing security detection and response, this position is for you.



What you will do:

  • Design, develop, and maintain SIEM detection content, including correlation rules, queries, and dashboards.

  • Develop and tune detection content, custom indicators, and behavioral rules for EDR platforms.

  • Onboard new log sources and security telemetry into the SIEM, ensuring data quality and normalization.

  • Develop, maintain, and automate incident response playbooks using the SOAR platform.

  • Continuously tune detection content to reduce false-positive rates based on analyst feedback and incident analysis.

  • Serve as the primary technical escalation point for Tier 1 analysts on detection logic and platform issues.

  • Perform in-depth investigations and root-cause analysis for escalated and complex security incidents.

  • Operationalize threat intelligence by translating TTPs and IOCs into deployable detection content.

  • Develop and execute threat-hunting hypotheses across available telemetry and convert successful hunts into persistent detections.

  • Maintain and improve SOC infrastructure, including SIEM, EDR, and SOAR platforms.

  • Develop and maintain technical documentation for detection logic, playbooks, and architecture.

  • Mentor Tier 1 analysts on investigative techniques and the operation of SOC tooling.

  • Participate in red-team and purple-team exercises to improve detection coverage.

  • Ensure compliance with applicable information security standards (ISO 27001, NIST, PCI DSS).

What you have:

  • Bachelor's degree in Computer Science, Information Security, IT, or a related field; or equivalent practical experience.

  • Minimum 3 years of experience in cybersecurity operations or security engineering, with at least 1 year in a SOC environment.

  • Hands-on experience administering and developing content on an enterprise SIEM platform (e.g., Splunk, IBM QRadar, Microsoft Sentinel).

  • Practical experience with EDR platforms (e.g., Palo Alto Cortex, Microsoft Defender for Endpoint, CrowdStrike Falcon).

  • Demonstrated knowledge of the MITRE ATT&CK framework and the Cyber Kill Chain.

  • Working experience with SOAR platforms (e.g., Cortex XSOAR, Splunk SOAR) and playbook development.

  • Scripting and automation proficiency in at least one language such as Python, PowerShell, or Bash.

  • Strong understanding of Windows and Linux internals, Active Directory, and cloud platforms (Azure, AWS, GCP).

  • Working knowledge of network security technologies like firewalls, WAF, proxies, and VPNs.

  • Experience with log management, including Syslog, Windows Event Forwarding, and data normalization.

  • English language proficiency for technical documentation, communication, and reporting.

  • Strong engineering mindset, analytical and investigative aptitude, effective communication skills, self-directed work style, and a collaborative team orientation.

Preferred:

  • Relevant certifications such as GIAC (GCED, GCDA, GCIA), CompTIA CySA+, Microsoft SC-200, OffSec OSIR, or vendor-specific SIEM/EDR certifications.

What we offer:

  • Interesting and challenging job.

  • Competitive base salary, learning and development opportunities.

Interested? Please fill in the information, attach your CV and submit by clicking “apply for position now”. The deadline for submitting applications is 15 Jul, 2026.
