Remotery

Security Operations Lead

Posted May 24

This is a fully remote position, open to applicants in Croatia.

📋 Description

• Develop, implement, and continually enhance vital security programs, serving as the primary technical authority for Data Loss Prevention (DLP) to protect sensitive company information throughout the environment.

• Architect and refine our Security Information and Event Management (SIEM) platform. Manage log ingestion strategies, create complex custom detection rules, and utilize scripting (e.g., Python, PowerShell) to automate alert triage and response workflows.

• Spearhead proactive vulnerability hunting and assessment efforts. Regularly assess infrastructure weaknesses and collaborate closely with IT and infrastructure teams to facilitate and monitor the remediation of identified risks.

• Function as the main technical responder and incident commander during security incidents. Conduct in-depth forensic analysis, coordinate technical investigations, and lead cross-departmental teams through containment, eradication, and post-incident evaluations.

• Assess, implement, and sustain the operational security technology stack. Ensure tools integrate smoothly with the existing environment, continuously optimizing them to minimize false positives and maximize return on investment.

• Act as a subject matter expert and technical mentor within the broader technology organization, promoting a culture of security awareness and collaborative risk management.


⛳️ Requirements

• Over 5 years of dedicated experience in Cybersecurity, with a minimum of 3 years focused primarily on Security Engineering, Incident Response, or advanced Security Operations.

• Demonstrated success operating as a senior individual contributor, technical lead, or system architect.

• Extensive, hands-on knowledge in engineering and fine-tuning enterprise SIEM solutions (e.g., Sentinel) and DLP platforms (e.g., Nightfall).

• Proficient in scripting languages (such as Python, PowerShell, or Bash) specifically for security automation, data parsing, and API integrations.

• Strong practical comprehension of network protocols, threat actor tactics, techniques, and procedures (TTPs), and the MITRE ATT&CK framework.

• Advanced, practitioner-oriented industry certifications such as GCFA (GIAC Certified Forensic Analyst), GCIA (GIAC Certified Intrusion Analyst), OSCP (Offensive Security Certified Professional), or CISSP.


🏝️ Benefits

• Comprehensive health insurance coverage.

• Retirement savings plan with company matching.

• Generous paid time off and flexible work arrangements.

• Opportunities for professional development and continuous learning.
