
Security Operations Engineer
Posted May 25

This is a fully remote position, open to applicants in Germany.
• Design and develop SecOps tools, including SIEM, SOAR, vulnerability detection and management, EDR, logging pipelines, and user behavior analytics.
• Create architectural patterns and solution designs for the security tool ecosystem.
• Assess and integrate new tools and platforms to enhance detection, response, and automation capabilities.
• Construct and maintain scalable data ingestion, correlation, and alerting workflows for advanced detection and response.
• Collaborate with operations engineers to jointly uphold SecOps workflows and ensure platform reliability.
• Develop automation scripts, playbooks, and workflows in SOAR tools to elevate response efficiency and minimize analyst workload.
• Design and implement an internal SecOps product to provide detection and response capabilities for vulnerabilities, threats, and security incidents.
• Integrate with the internal observability product and broader corporate SOC functions.
• Deliver technical leadership during incidents, addressing tool behavior, data quality, and technical challenges.
• Develop, test, and operationalize detection capabilities based on evolving threats and platform telemetry.
• Create and maintain detection-as-code artifacts such as Sigma rules, YARA, KQL queries, and static analysis rules.
• Validate detection quality through adversary simulation, purple teaming, or continuous tuning.
• Over 5 years of experience in security operations, engineering, and cloud security tooling.
• Engineering experience with SIEM/SOAR, EDR platforms, logging, telemetry pipelines, scripting (Python, PowerShell, Go), and cloud-native security tools.
• Familiarity with infrastructure-as-code, CI/CD toolchains, and container orchestration (Kubernetes).
• Proficiency in threat modeling, detection engineering frameworks, TTP matrices, and MITRE ATT&CK.
• Experience in producing architecture artifacts, interface specifications, and onboarding guidelines.
• Knowledge of logging and detection solutions for cloud architectures.
• Fluent in English, both spoken and written (minimum C1).
• Flexible working hours.
• Freedom to choose your own projects.
• Access to exciting projects across various industries.
• Support for professional development.
• Competitive compensation.
• Dedicated team.