Detection (SIEM/SOC) Engineer

Hybrid
Mid-level
💰€3–5K
🇱🇹 Lithuania
Security Engineer
Technology

The relentless fight against cybercrime is our daily mission. Our Security team is on the frontlines, building a robust defense system with solid security tools and vigilant monitoring. We don’t just react — we proactively engineer a layered security posture with strong processes and training programs to make passive defenses our first line of attack.

Each day, we leverage a powerful arsenal of industry-trusted security solutions, including, but not limited to, EDR/XDR, MDM, HIDS, NIDS, DLP, and SOAR solutions. We collect threat intelligence and feed it into our systems to strengthen our company’s security posture and prevent cybersecurity incidents.

But the real power comes from our engineers, who craft the tools and processes that keep us ahead of the curve. As a Detection (SIEM/SOC) Engineer, you’ll design, plan, and test detection rules, playbooks, and automations: the foundation of our security monitoring and response.

If you want to:

  • Design, develop, and implement SIEM rules and detections to improve threat identification accuracy, integrating threat intelligence feeds such as MISP;

  • Fine-tune detection rules to minimize false positives and negatives;

  • Configure and maintain log sources across diverse systems for comprehensive data collection;

  • Develop and implement SOAR workflows to automate incident response tasks;

  • Fine-tune and oversee SOAR platforms (Wazuh, TheHive, Cortex, IRIS) to streamline incident response activities;

  • Collaborate with the SOC team to ensure effective incident response, threat hunting, and utilization of threat intelligence sources;

  • Configure and maintain behavioral IDS/IPS systems (Snort, Suricata) for intrusion detection and prevention.

And you can check off:

  • More than 5 years of experience in overall IT operations, including more than 2 years in information security response and investigations or SIEM management;

  • 3+ years operating and supporting a large enterprise environment;

  • Strong work experience with SIEM solutions and an understanding of SIEM architecture and its components, alongside regular operations such as queries, alerts, and dashboards;

  • Familiarity with threat intelligence feeds and their integration with SIEM environments;

  • General experience in threat detection on network and cloud-based infrastructure;

  • Expertise with IDS/IPS solutions;

  • Experience with process automation and at least one primary SOAR tool;

  • Analytical thinking, with a desire to learn, teach, and share with others.

Bonus points if you:

  • Are already certified on (or planning to achieve): SANS GIAC Security Information and Event Management (GISM), SANS GIAC Certified Detection Analyst (GCDA), (ISC)² Security Automation and Orchestration Specialist (SAOS), (ISC)² Systems Security Certified Practitioner (SSCP), or CompTIA Cybersecurity Analyst (CySA+);

  • Have experience with basic forensics and/or Public Cloud (Azure, GCP, or AWS) and SQL;

  • Can do advanced scripting (PowerShell, Python, etc.).

Here’s the deal:

  • Growth and learning opportunities: time dedicated to learning, conferences, online learning platforms, and books for your professional development;

  • Health and wellness: we want you to feel and be your best. That's why we offer various benefits, from online workouts and a physical coach to health insurance and regular mental health checks;

  • Tools of your choice: choose the technical equipment and tools you need to do your best work;

  • Community and celebrations: get ready for long-lasting traditions such as yearly workation, Friday get-togethers, various team buildings and company celebrations;

  • Work-life balance: as a general rule, we work based on a 3+2 hybrid model. And let’s not forget the WFA policy – an opportunity to work from anywhere in the world;

  • More days off: additional vacation days depending on your tenure;

  • Premium Surfshark accounts: for you, your family, and friends;

  • Gross salary: EUR 2980–4630/month, though it may vary depending on your skills and experience.

Surfshark

Tight-knit group that loves to have fun, tackle problems, and grow together.

Industry: IT services and IT consulting
Founded: 2018
