
SOC Engineer L2/L3
Posted 6 days ago

This is a fully remote position, open to applicants in Europe.
• Develop and implement the SIEM from Proof of Concept to production, including case management and User and Entity Behavior Analytics (UEBA), while taking full responsibility for the selection of technology.
• Create, write, and optimize detection rules aligned with MITRE ATT&CK, addressing identity compromise, privilege escalation, lateral movement, and endpoint threats.
• Assess and investigate Level 2/Level 3 alerts, minimize false positives, and establish clear escalation pathways for each use case.
• Lead incident response and basic forensics, focusing on containment, eradication, and structured lessons learned.
• Integrate log sources from AWS, JumpCloud, Google Workspace, Cardholder Data Environment (CDE), and SWIFT.
• Conduct threat hunts based on realistic attack hypotheses tailored to the risk profile of a payment platform.
• Develop and maintain runbooks and playbooks; automate repetitive tasks using Security Orchestration, Automation, and Response (SOAR) or scripting.
• Define metrics for the Security Operations Center (SOC) and take ownership of monthly reporting to management regarding detection coverage and response performance.
• A minimum of 3 years of experience in SOC / Detection & Response at Level 2/Level 3, with hands-on investigation skills.
• Practical experience in building or managing a SIEM, including the creation and optimization of detection rules.
• Expertise in detection engineering with MITRE ATT&CK mapping; proficient in KQL, SPL, or equivalent query languages.
• Experience in investigating cloud log sources such as AWS CloudTrail, GuardDuty, Google Workspace, and EDR/XDR.
• Proficiency in scripting and automation (Python or similar) for telemetry processing and routine tasks.
• Strong understanding of attacker techniques and how they manifest in logs; a deep understanding of threats, not just familiarity with tools.
• Ability to remain organized under pressure, with a disciplined investigation process, thorough documentation, and clean post-mortem reports.
• Experience with SOAR and a detection-as-code methodology (including version control for rules and CI pipelines for detection).
• Familiarity with UEBA, threat intelligence enrichment, or contextualization of alerts at scale.
• Knowledge of payment-specific environments, including CDE monitoring, SWIFT, and PCI DSS compliance.
• Experience in purple teaming, collaborating with an offensive security team.
• Over 30 days of leave.
• Unlimited sick leave.
• Complimentary office meals.
• Health insurance coverage.
• Apple equipment to enhance productivity.
• Access to courses, conferences, sports, and wellness benefits.