Group-IB

Senior Solution Engineer - Cybersecurity focus

Job description:

About Group-IB:

Founded in 2003 and headquartered in Singapore, Group-IB is a leading creator of cybersecurity technologies to investigate, prevent, and fight digital crime. Combating cybercrime is in the company’s DNA, shaping its technological capabilities to defend businesses and citizens and to support law enforcement operations.

Group-IB’s Digital Crime Resistance Centers (DCRCs) are located in the Middle East, Europe, Central Asia, and Asia-Pacific to help critically analyze and promptly mitigate regional and country-specific threats. These mission-critical units help Group-IB strengthen its contribution to global cybercrime prevention and continually expand its threat-hunting capabilities.

Each of us can help make the world a safer place. Join us!

The role:

This role blends cybersecurity and engineering expertise to deliver real-world impact across client environments. As a Solution Engineer, you will design, implement, and optimize integrations between Group-IB’s leading solutions (TI, ASM, DRP) and third-party platforms such as SIEM, SOAR, TIP, NGFW, and cloud services — transforming threat data into actionable defense strategies. You will collaborate with both internal teams and customer environments, combining deep technical expertise with a consultative mindset. From building enrichment workflows to influencing product integration roadmaps, your work will play a critical role in delivering scalable, high-impact security solutions. If you thrive in a fast-paced environment where strategy meets execution — and where your architecture directly empowers security teams to stay ahead — this role is for you.

Tasks to solve:

  • Deploy, configure, and consult customers on TI/TIP, SOAR, and SIEM apps/add-ons — both internally and on the customer side — across TI, DRP, and ASM use cases.
  • Support integration and troubleshooting processes for customer environments involving CTI feeds, enrichment pipelines, and incident response automation.
  • Advise customers on preferred workflows, including actionable recommendations for SOAR playbooks and alert enrichment flows.
  • Maintain internal and external knowledge base with working examples, implementation patterns, and common troubleshooting steps.
  • Influence product and API integration roadmaps through structured feedback from field experience and customer cases.
  • Contribute to new integration app designs, focusing on scalable architecture, data normalization logic, and platform interoperability.

Qualifications:

  • 3–6 years in cybersecurity, with focus on TI/TIP, SIEM, SOAR, XDR.
  • Strong knowledge of CTI standards (STIX/TAXII, MITRE ATT&CK).
  • Hands-on experience with: SIEM (incl. IBM QRadar, Splunk SE), SOAR platforms (e.g. Cortex XSOAR, Splunk SOAR).
  • TI platforms (e.g. MISP, OpenCTI, Anomali, ThreatConnect, EclecticIQ).
  • Basic Python skills: can write/debug scripts.
  • Networking knowledge at CCNA level (DNS, DHCP, IP, OSI, SSL, VPN, VLAN, etc.).
  • Linux fundamentals: experience with CLI, file systems, logs, services, and system-level debugging in Linux environments.
  • Experience designing integration workflows – including enrichment, scoring, deduplication, playbook triggers.
  • Strong troubleshooting skills: can debug feed ingestion, API auth, log parsing issues.
  • Experience with Docker and Kubernetes – ability to deploy, configure, and debug containerized CTI components.
  • Excellent communication & documentation skills: can interface with clients, technical writers, integration developers.
  • Strong level of English to conduct conversation with clients.

Nice to have:

  • Experience with Elastic Stack, Grafana, Microsoft Sentinel, Splunk Cloud, AWS, Azure, GCP.
  • Familiarity with Git, CI/CD pipelines.
  • Knowledge of threat scoring logic and custom IOC handling.
  • Experience in customer-facing roles or technical pre-sales support.

Why GROUP-IB?

Your happiness is important to us: We want every single team member to be happy.
Continuing professional development: At Group-IB, you can choose from various paths to growth: progress as an expert, advance to a management position, try your hand in another department, relocate abroad, or launch a new business area.
A team with extensive international expertise: Do you have experience but are looking for exciting challenges? By choosing us, you will be choosing complex tasks and continuously improving your skills in a fast-growing international company.
Globally recognized technologies: Group-IB's members are located in 25 countries, and our products and services are sold in 60 countries. What’s more, Gartner, IDC, and Forrester have ranked our technologies among the best in their class. We work with over 450 international partners and about 500 clients.
A culture created by each of us: Group-IB’s employees speak many different languages and understand one another. We respect each other's beliefs, share common values, and strive toward the happiness of every employee.
Economic stability: Group-IB's sustainable growth helps rapidly develop careers that would take years to progress as far at most other companies.

What else should you know:

Flexible schedule: Group-IB does not have fixed working hours. You choose your schedule. We adhere to the principle advocated by Steve Jobs: “We have to work not 12 hours and head. ”
Certificates and training courses: Group-IB specialists hold over 1,000 professional certificates, including CEH, CISSP, OSCP, GIAC, MCFE, BSI, as well as some rare ones that would be a source of pride for experts in forensics, penetration testing, and reverse engineering worldwide. We have an incentive program that helps employees achieve certifications at the company's expense.
Challenges: A wide selection of GIB programs helps you improve soft skills, gain new competencies, and receive monetary rewards.
The initiative is rewarded: At Group-IB, you can bring your most daring ideas to life. The company encourages technical blogging, writing articles, building sports teams, and other creative activities.

NOTE:
Please refer to Fuchsjobs as the source of your application.

Job information

  • Type: Full-time
  • Work model: Remote
  • Category: Development & IT
  • Experience: Senior
  • Employment: Employee
  • Publication date: 30 Sep 2025
  • Location: EU
