Senior Security Engineer (DevSecOps)
Job Description
Incident Response (IR) Readiness: Maintain the infrastructure used for Incident Response, ensuring log integrity and providing the necessary tools for rapid forensic analysis.
Platform & Data Engineering: Maintain and scale a High-Availability (HA) dual-pipeline stack: Wazuh (with OpenSearch indexer backend) and OpenObserve (parallel log analytics pipeline), connected via Apache Kafka for high-volume log streaming.
Continuous Monitoring & Audit: Build automated dashboards and alerts for Security Audits and real-time monitoring of system integrity and compliance.
Automation & Scripting: Develop and maintain automation scripts (Python/Bash) for log enrichment, data correlation, and operational orchestration across the security stack.
Network Detection & Flow Analysis: Manage and tune network traffic analysis tools including Suricata IDS and ntopng for NetFlow/IPFIX-based traffic visibility across physical network segments.
Security Endpoint Management: Deploy and manage Security Endpoints (Wazuh Agents) across Windows and Linux environments to ensure complete agent coverage of managed hosts.
Vulnerability Management: Orchestrate automated Vulnerability scans and integrate results into the centralized dashboard for remediation tracking.
Threat Hunting Support: Proactively develop custom decoders and rules to assist SOC analysts in Threat Hunting activities.
Job Requirements
Technical Requirements
We are looking for proficiency in the following areas, with an openness to equivalent Open Source alternatives:
Endpoint & IDS
Expert knowledge of Wazuh (EDR/SIEM) and Suricata (IDS) for endpoint protection and network intrusion detection.
Network Flow Analysis [NEW]
Hands-on experience with ntopng or equivalent NetFlow/IPFIX tools for network traffic visibility, bandwidth monitoring, and flow-based anomaly detection.
Vulnerability Tools
Experience with vulnerability scanners (e.g., OpenVAS, Nessus, or Wazuh’s native vulnerability detection module).
Data Pipeline [UPDATED]
Hands-on experience with Apache Kafka (3-node cluster) for high-volume log streaming, and Nginx HA (active/standby with VIP) for reverse proxy and traffic distribution.
Log Management [UPDATED]
Advanced skills in both OpenSearch (as Wazuh indexer backend, 3-node cluster) and OpenObserve (parallel analytics pipeline).
Must manage the dual-pipeline architecture as a whole and not treat the two stores as interchangeable alternatives.
Infrastructure
Strong Linux/Unix administration and experience with PostgreSQL HA (3-node replication and failover).
Log Source Integration [NEW]
Experience integrating diverse log sources including:
firewall logs
cloud provider logs
ntopng flow data
Suricata IDS alerts
Linux syslog/auditd
application logs
Windows event logs (via Wazuh agents)
Auditing Knowledge
Familiarity with security frameworks/standards (ISO 27001, SOC2, or NIST) to implement Security Audit logs and compliance reporting.
Automation [NEW]
Proficiency in Python and Bash scripting for log enrichment, automated threat hunting queries, data correlation, and operational orchestration.
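The "log enrichment, data correlation" scripting named in the Automation responsibility and requirement above, shown as an added example that is not code from this posting or its stack: it parses Suricata EVE JSON alert lines, tags each alert with the network segment and Wazuh agent record of both endpoints, and then correlates internal-to-internal alerts by source host to surface lateral-movement candidates for threat hunters. The agent inventory, segment CIDRs and EVE lines are constructed sample data, and the field names beyond Suricata's own EVE keys (src_segment, dest_agent, direction) are assumptions chosen for the example.

```python
"""Enrich Suricata EVE alerts with Wazuh agent inventory and correlate by source.

Added example for the enrichment/correlation scripting the posting describes;
not code from the posting's stack. All inventory, CIDRs and log lines below are
constructed sample data.
"""
import ipaddress
import json
from collections import defaultdict

# Constructed Wazuh-style agent inventory (hypothetical hosts and IPs).
AGENT_INVENTORY = {
    "10.10.1.15": {"agent_id": "012", "name": "fs01", "os": "linux"},
    "10.10.2.40": {"agent_id": "034", "name": "ws-hr-07", "os": "windows"},
}

# Constructed network segments (hypothetical CIDRs) used for tagging.
SEGMENTS = {
    "servers": ipaddress.ip_network("10.10.1.0/24"),
    "workstations": ipaddress.ip_network("10.10.2.0/24"),
}

# Constructed Suricata EVE JSON lines; one flow event and one garbage line are mixed in
# on purpose so the parser has to skip them.
SAMPLE_EVE_LINES = [
    '{"timestamp":"2026-04-16T10:00:01.000000+0000","event_type":"alert","src_ip":"203.0.113.5","dest_ip":"10.10.1.15","dest_port":22,"proto":"TCP","alert":{"signature_id":2001219,"signature":"ET SCAN Potential SSH Scan","severity":2}}',
    '{"timestamp":"2026-04-16T10:00:03.000000+0000","event_type":"flow","src_ip":"10.10.2.40","dest_ip":"10.10.1.15"}',
    '{"timestamp":"2026-04-16T10:00:05.000000+0000","event_type":"alert","src_ip":"10.10.2.40","dest_ip":"10.10.1.15","dest_port":445,"proto":"TCP","alert":{"signature_id":2027250,"signature":"ET POLICY SMB Executable File Transfer","severity":1}}',
    '{"timestamp":"2026-04-16T10:00:07.000000+0000","event_type":"alert","src_ip":"10.10.2.40","dest_ip":"10.10.1.16","dest_port":445,"proto":"TCP","alert":{"signature_id":2027250,"signature":"ET POLICY SMB Executable File Transfer","severity":1}}',
    'not json at all',
]


def segment_of(ip):
    """Return the segment name an IP falls in, 'external' if none, 'unknown' if unparsable."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "unknown"
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "external"


def enrich_alert(event):
    """Attach segment tags, agent records and a traffic direction to one EVE alert."""
    src, dst = event.get("src_ip", ""), event.get("dest_ip", "")
    enriched = dict(event)
    enriched["src_segment"] = segment_of(src)
    enriched["dest_segment"] = segment_of(dst)
    enriched["src_agent"] = AGENT_INVENTORY.get(src)
    enriched["dest_agent"] = AGENT_INVENTORY.get(dst)
    # Internal-to-internal traffic that trips a signature is the lateral-movement
    # signal a hunter wants surfaced; external-to-internal is perimeter noise.
    internal = ("external", "unknown")
    lateral = enriched["src_segment"] not in internal and enriched["dest_segment"] not in internal
    enriched["direction"] = "lateral" if lateral else "inbound"
    return enriched


def parse_eve(lines):
    """Parse EVE JSON lines, keeping only alert events; malformed lines are counted, not fatal."""
    alerts, malformed = [], 0
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            malformed += 1
            continue
        if event.get("event_type") == "alert":
            alerts.append(event)
    return alerts, malformed


def correlate(enriched_alerts, min_distinct_targets=2):
    """Group lateral alerts by source; flag sources that hit several internal hosts."""
    targets_by_source = defaultdict(set)
    for alert in enriched_alerts:
        if alert["direction"] == "lateral":
            targets_by_source[alert["src_ip"]].add(alert["dest_ip"])
    return {src: sorted(dsts) for src, dsts in targets_by_source.items()
            if len(dsts) >= min_distinct_targets}


def process(lines):
    """Parse, enrich and correlate; returns JSON strings ready to publish plus findings."""
    alerts, malformed = parse_eve(lines)
    enriched = [enrich_alert(a) for a in alerts]
    return {
        "messages": [json.dumps(e, sort_keys=True) for e in enriched],
        "findings": correlate(enriched),
        "malformed": malformed,
    }


if __name__ == "__main__":
    result = process(SAMPLE_EVE_LINES)
    for msg in result["messages"]:
        print(msg)
    print("lateral-movement candidates:", result["findings"])
    print("malformed lines skipped:", result["malformed"])
```

The `messages` list is the enriched record set a producer would publish to the Kafka topic the stack consumes from; the `findings` dict is the correlation output a hunter would turn into a Wazuh rule or a saved query. Counting rather than raising on malformed lines matters in a streaming pipeline: one bad line from a rotated file must not stall the consumer.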
Preferred Qualifications
Experience with forensic analysis tools and evidence preservation workflows.
Knowledge of SOAR platforms or custom orchestration for automated incident response.
Experience with container security and Infrastructure-as-Code (Ansible, Terraform).
Experience in Incident Response (analyzing attack vectors, lateral movement, and persistence).
Certifications: OSCP, GCIH, CISSP, or specialized Wazuh/Kafka certifications.
Architecture Overview
The candidate will be responsible for the following production stack:
Layer               Components                         Nodes / Deployment / Scope
Access Layer        Nginx HA Reverse Proxy             proxy01 / proxy02 (VIP: .200)
Presentation        Wazuh Dashboard, OpenObserve UI    dash01, oo01 / oo02
Management          Wazuh Manager HA                   wazuh01 / wazuh02
Indexing            Wazuh Indexer (OpenSearch)         indexer01 / 02 / 03
Data Pipeline       Apache Kafka Cluster               kafka01 / 02 / 03
Analytics           OpenObserve (parallel pipeline)    oo01 / oo02
Database            PostgreSQL HA                      pg01 / 02 / 03
Endpoints           Wazuh Agents (Windows & Linux)     All managed endpoints
Network Detection   Suricata IDS, ntopng Flow          Physical appliances
Other Sources       Firewalls, Cloud, App Logs         Various
Benefits
Why Join Us?
Modern Tech Stack: No legacy black-box SIEMs. You will work with a high-performance, open-source-centric architecture featuring a dual-pipeline design (OpenSearch + OpenObserve) for maximum flexibility.
Real Engineering Challenges: Direct impact on a growing infrastructure with real engineering challenges across HA clustering, data streaming, and endpoint security at scale.
Full Spectrum Security: You aren’t just managing a tool; you are building the foundation for our Threat Hunting and Incident Response capabilities.
Security Culture: Work in an environment where Security Audits and Vulnerability Management are prioritized, not treated as "check-the-box" activities.
Benefits:
Training sponsorship: tuition fees for courses on platforms such as Udemy and Coursera are covered.
Salary: Up to 50M
13 months’ salary per year.
Annual salary evaluation.
Join a global team and work directly with talented colleagues around the world.
Healthcare: Premium Health Insurance TECHVIFY Care
Work and grow in a dynamic, creative, and professional environment.
Last updated: 2026-04-16 14:00:08