
Senior Operations Engineer
Posted May 30
This is a fully remote position, open to applicants in Europe.
• Optimize EDR, SIEM, and XDR detections to minimize false positives and enhance alert quality.
• Develop and sustain detection rules, correlation searches, dashboards, watchlists, and response workflows.
• Convert findings from Red Team, Purple Team, incidents, and Threat Intelligence into repeatable defensive measures.
• Ensure that EDR policies, prevention rules, logging, sensor health, and response actions function as intended.
• Evaluate excessive alerts and adjust thresholds, exclusions, lookups, entity context, and suppression logic.
• Assist SOC analysts by providing clear alert descriptions, triage procedures, severity logic, and escalation guidance.
• Enhance log coverage, parsing, field normalization, enrichment, and data quality.
• Align detections with MITRE ATT&CK where applicable. ATT&CK is commonly used to articulate adversary tactics and techniques based on real-world data.
• Create portable detection content in vendor-neutral formats such as Sigma, a generic signature format for describing SIEM detections that can be converted to individual platforms' query languages.
• Monitor detection gaps, trends in false positives, alert health, and overall platform performance.
• Proven experience in tuning EDR, SIEM, XDR, or SOC monitoring platforms.
• Comprehensive understanding of attack behaviors related to endpoint, identity, cloud, network, and web.
• Hands-on experience developing detection logic using KQL, SPL, EQL, Lucene, Sigma, YARA, or similar languages.
• Familiarity with MITRE ATT&CK mapping and the analysis of detection coverage.
• Capability to translate findings from Red Team, Purple Team, and incidents into clear detection logic.
• Experience in reducing false positives through rule tuning, exceptions, automation, and improved entity context. Microsoft Sentinel facilitates this via automation rules and analytics rule modifications.
• Strong scripting skills in Python, PowerShell, Bash, or similar scripting languages.
• Solid understanding of SOC workflows, incident triage, escalation procedures, and response playbooks.
• Excellent documentation skills.
• A competitive salary with individual performance-based bonuses every quarter.
• 28 days of paid annual leave.
• Our core working hours are from 10am to 3pm in your local time zone, with flexibility outside of these hours.
• Referral bonuses and flash bonuses.
• Top-of-the-line equipment provided.
• Annual company retreats to foster excellent internal networking opportunities.