Ostrava, Brno
Regular
Application and Product Development
21 July 2025 - 30 December 2025
Tietoevry Tech Services
Join Tietoevry Tech Services Cyber Defence and Operations CZ and grow your career alongside experienced security professionals.
At Tietoevry Tech Services, we're at the forefront of digital innovation, committed to protecting businesses from today's sophisticated threats. Our Cyber Defense and Operations unit is a hub of excellence, composed of skilled professionals dedicated to safeguarding our clients' digital assets. We're currently seeking a SOC Incident Responder to join our dynamic team. This role offers the opportunity to work alongside seasoned experts in security threat analysis, incident response, threat detection and intelligence, and security architecture, contributing to our mission of delivering cutting-edge security solutions.
As a SOC Cybersecurity Incident Responder, you'll be an integral part of our team, responsible for identifying, analyzing, and mitigating cybersecurity incidents. Reporting to the Head of Global SOC, you'll collaborate with a team of professionals to ensure our clients' digital environments are secure and resilient.
Conduct in-depth incident investigations by correlating alerts, logs, endpoint telemetry, and threat intelligence.
Perform root cause analysis and assess the impact of cyber incidents on business operations and critical assets.
Lead containment, eradication, and recovery actions in collaboration with internal and customer teams.
Provide expert guidance to customers and internal analysts on remediation and hardening actions.
Perform forensic analysis of endpoints, servers, and cloud environments (memory dumps, file system, registry, etc.).
Conduct malware analysis (static and dynamic) to understand behavior and potential impact.
Participate in and help coordinate purple teaming exercises to identify detection gaps and improve defensive capabilities.
Support or lead incident post-mortems and RCA documentation.
Participate in (or facilitate) table-top exercises and simulations to ensure incident readiness.
Possible on-call duty (rotational or ad hoc, depending on case severity or changes to the service).
Develop, maintain, and refine incident response playbooks, workflows, and guidelines.
Re-establish and continuously improve the SOC Incident Response concept, aligning it with threat landscape and customer needs.
Document findings, lessons learned, and best practices to support SOC maturity.
Design and implement new detection and response methods based on threat landscape evolution and incident learnings.
Cooperate with SIEM and SOAR teams to integrate response automation into workflows.
Mentor and support SOC Analysts (T1–T3) through knowledge sharing, case reviews, and ad-hoc consulting.
Act as a subject matter expert (SME) for incident response in pre-sales, customer workshops, or audits.
Contribute to service development (e.g., Incident Response Retainer, DFIR as a Service).
Liaise with customers’ security teams during incidents and ensure proper escalation and communication flow.
Experience: 2–5 years of hands-on experience in cybersecurity, particularly in SOC, CSIRT, or CERT environments, with a strong focus on incident response and threat handling.
Analytical Skills: Proven ability to analyze and correlate diverse telemetry sources (e.g., SIEM, EDR, NDR, logs) to identify and understand complex attack patterns.
Threat Knowledge: Deep understanding of the threat landscape, security kill chain, and attacker techniques, tactics, and procedures (TTPs), ideally aligned with MITRE ATT&CK.
Technical Breadth: Strong knowledge of operating systems (Windows, Linux/*NIX), networking concepts (TCP/IP, DNS, HTTP/S, etc.), and enterprise IT environments.
Detection & Response: Demonstrated experience in threat detection across endpoints, networks, and/or cloud platforms, including investigation and containment actions.
Malware & Forensics: Familiarity with malware analysis (static or dynamic), file system analysis, and forensic investigation tools/processes is a strong plus.
Scripting & Automation: Experience with scripting (e.g., Python, PowerShell, Bash) for automation, enrichment, or tooling is considered an advantage.
Process Mindset: Comfortable working with structured incident response procedures, playbooks, and continuous process improvement initiatives.
Communication: Ability to document and explain technical incidents clearly to both technical and non-technical stakeholders.
Certifications: Holding or working towards relevant certifications such as OSCP, GCED, GCIA, GCIH, CySA+, eCDFP, BTL1/2 is highly valued.
Tooling: Familiarity with the Atlassian suite (Jira, Confluence), ServiceNow, or equivalent ticketing/documentation systems.
Language Skills: Fluency in English (spoken and written) is required; additional Nordic or Central European language skills are a plus.
Mindset: Self-driven, detail-oriented, and comfortable in both operational and developmental aspects of SOC Incident Response.
Purple Teaming Experience: Participation in purple team exercises, or experience working with offensive tooling to simulate attacker behavior and improve detection.
Cloud Security Exposure: Experience with security monitoring and incident response in public cloud environments (Azure, AWS, GCP).
Threat Intelligence: Ability to consume, validate, and operationalize threat intelligence feeds into detection and response workflows.
Tooling Development: Experience developing or enhancing internal SOC tooling (scripts, dashboards, automation frameworks, etc.).
Incident Exercises: Involvement in conducting or leading table-top exercises (TTX) or cyber drills.
Customer Interaction: Experience in handling customer communication during incidents, reporting, or post-incident reviews.
SOC Improvement Projects: Background in documentation creation, playbook design, and internal process optimization.
We offer:
Contract for an indefinite period > we count on you!
Work partially or completely remotely > work from wherever it suits you.
Extra holidays > 25 days off plus 2 sick days.
We contribute from 10 400 CZK per year > you name it: choose from contributions for pension and life insurance, sports, culture, health, travel or education in the cafeteria.
Educate yourself > we regularly organize and pay for IT courses, certifications, language training and personal development courses.
107 CZK meal allowance on top of your salary.
Reward for a new colleague > refer another colleague to us and get up to 80,000 CZK.
We'll support you when you're sick > for colleagues who are seriously ill for a long period, we contribute to sick pay beyond what the law requires.
Extra work is appreciated > when overtime is needed, we pay more than the law requires.
Stay fit and fresh > in Ostrava, use the free fitness facilities in the building; in other locations, do sports with Multisport.
Nordic culture > we believe in you. No one is breathing down your neck checking every minute of your work. We are friendly and open.
Tietoevry Tech Services is a leading transformation and managed services provider focusing on Nordic based customers across various industries. With our full scope of digital solutions, including applications, multi-cloud, data-driven services and security, we help businesses to thrive and keep the Nordic societies running. We are a global team of more than 7 000 experts representing over 50 nationalities, delivering services to our customers by combining global capabilities with Nordic proximity. Our annual revenue is approximately EUR 1 billion.