
Security Engineer 'Incident Response & Cyber Threat Intelligence'

Job Requirements

Hires in: Not specified
Employment Type: Not specified
Company Location: Not specified
Salary: Not specified

About:

Yapı Kredi Technology is a technology company that produces innovative, high quality, and high value-added products and solutions in the finance sector. With more than 2.000 employees, it aims to create products that will shape the sector for Yapı Kredi Bank and to be the undisputed leader in the field of technology by using modern architectural systems and cloud technologies. It also contributes to the development of new and exemplary products for the sector by using natural language processing, machine learning, artificial intelligence, and data mining technologies with its R&D team.


Who We Are:

At Yapı Kredi Technology, we research with passion, wonder as we learn, and implement innovations that shape the future together. We take responsibility from the first day with our expert colleagues and work with all our strength for pioneering applications. We make quick decisions and take action. We quickly adapt to innovations and changes.


What Do We Offer:

📌 Opportunity to work in hybrid model

💻 Opportunity to work in Koç Group Community Companies' offices

🌴 Chance to discover the natural wonders and amenities offered at Koç Topluluğu Spor Kulübü (KTSK)

🚀 Career development opportunities in a structured technology career path

💫 Opportunity to benefit from BizClub and KoçAilem privileges exclusive to Yapı Kredi Technology employees

🤝 Company-contributed individual retirement insurance

🎂 Birthday off day


About the Role

We are looking for a Security Engineer to join our Cyber Security Incident Management team, with experience in Incident Response and Threat Intelligence (SOC L2/L3).


Qualifications:

  • 6+ years of experience in SOC (Security Operations Center) environments, at least 3 years in L2/L3 roles,
  • Strong hands-on knowledge of Incident Response,
  • Experience in responding to cyber incidents in large enterprise environments (ability to work under the pressure expected during a cyber incident),
  • Proficiency in Threat Intelligence, including IOC analysis, threat actor profiling, and intelligence lifecycle management,
  • Solid hands-on experience in Digital Forensics (evidence acquisition, chain of custody, artifact analysis, reporting),
  • Intermediate-level knowledge in Malware Analysis (static/dynamic analysis, sandbox behavior) is preferred,
  • Practical experience with Threat Hunting (MITRE ATT&CK, Sigma, YARA, TTP-based hunting),
  • Familiarity with SIEM, EDR, SOAR tools, and hands-on experience in advanced log analysis,
  • Ability to analyze network traffic, endpoint telemetry, and security artifacts to detect suspicious activity,
  • Strong understanding of cyber kill chain and modern attacker techniques,
  • Strong knowledge of SIEM use case design principles and experience in developing advanced rulesets and designing SOAR playbooks,
  • Scripting experience (Python, PowerShell, Bash) is strongly preferred,
  • Strong analytical and documentation skills,
  • Good command of written and spoken English,
  • At least 2 of the following certifications are strongly preferred: SANS GCFA, GCFE, GCIH, GCTI, GNFA or GREM,
  • At least one of the following certifications is a plus: Offensive Security OSCP, OSEP, OSWE; ISC2 CISSP, SSCP.


Job Description:

  • Serve as an L2/L3 SOC Analyst, handling advanced investigation, correlation, and escalation of security incidents,
  • Lead and execute full Incident Response processes, including containment, eradication, recovery, and post-incident documentation,
  • Conduct Threat Intelligence activities: monitoring feeds, enriching IOCs, producing tactical/operational intelligence reports,
  • Perform Digital Forensics on endpoints, servers, and network systems while maintaining evidence integrity and producing detailed reports,
  • Execute proactive Threat Hunting operations to identify hidden or emerging threats using TTP-driven methodologies,
  • Conduct initial and intermediate Malware Analysis to support incident investigations and detection engineering,
  • Develop and enhance detection logic: SIEM rules, correlation use cases, YARA/Sigma signatures, and SOAR playbooks,
  • Improve SOC workflows, IR runbooks, and hunting methodologies through continuous enhancement,
  • Collaborate with Red Team, engineering units and other security teams to improve the organization’s defensive posture,
  • Prepare clear, concise technical documentation for incidents, forensic cases, and threat intelligence outputs,
  • Continuously monitor evolving threats, malware trends, vulnerabilities, and attacker techniques to support proactive defense.



Candidate Selection Process:

Our recruitment process for all positions typically encompasses technical interviews, director assessments, competency evaluations, and personality tests. We will extend our offer to candidates who have successfully completed a positive evaluation process.


Information on your rights arising from the processing of your personal data under Law No. 6698 on the Protection of Personal Data, together with further details on this subject, is available in our privacy notice at https://kariyerim.yapikredi.com.tr/Account/StaticKvkk.
