
Security Operations Engineer

Fun Crafters

Optional: Elastic SIEM, Splunk, Datadog Security, Microsoft Sentinel, CrowdStrike Falcon, SentinelOne, Wazuh, Nessus, OpenVAS, Qualys, Security Groups, IAM, CloudTrail, GuardDuty, Bash, Python, Tines, Shuffle, Splunk SOAR, Zeek, Suricata, Wireshark, Cloudflare Access, Tailscale, NetBird

Operating system: Windows, Linux

About the project

We are looking for a Security Operations Engineer to monitor, detect, and respond to threats across our infrastructure and services. You will own security monitoring and incident response, including SIEM operations, alert triage, and threat investigation. You will work closely with DevOps and engineering teams to improve detection capabilities and strengthen system security.

Your responsibilities

  • Monitor and triage security alerts from SIEM, EDR, and cloud security tools
  • Investigate security incidents, contain threats, and contribute to post-incident reviews
  • Maintain and tune detection rules to improve signal quality and reduce false positives
  • Track and coordinate vulnerability remediation across infrastructure and services
  • Perform access control reviews, privileged account audits, and maintain IAM hygiene
  • Maintain security runbooks, playbooks, and incident response documentation
  • Support SOC 2 and ISO 27001 audits, including evidence collection, control validation, and gap remediation
  • Conduct scheduled internal security assessments and assist with penetration test scoping
  • Collaborate with DevOps on system and cloud configuration hardening

  • 2+ years in a security operations, SOC, or similar role
  • Experience with at least one SIEM platform (e.g., Elastic SIEM, Splunk, Datadog Security, Microsoft Sentinel)
  • Experience with alert triage, log analysis, and basic threat hunting
  • Familiarity with the MITRE ATT&CK framework for incident classification
  • Experience with at least one EDR platform (e.g., CrowdStrike Falcon, SentinelOne, Wazuh)
  • Experience with vulnerability scanning tools (e.g., Nessus, OpenVAS, Qualys)
  • Working knowledge of AWS or GCP security controls (e.g., Security Groups, IAM, CloudTrail, GuardDuty)
  • Operational-level Windows & Linux administration (e.g., log analysis, process inspection, basic system hardening)
  • Familiarity with containerized environments (Docker, Kubernetes) from a security perspective
  • Experience supporting SOC 2 or ISO 27001 audits
  • Ability to write clear incident reports, runbooks, and policy documentation
  • Experience with access review processes and IAM audits
  • Scripting proficiency in Bash or Python for operational automation (e.g., log parsing, report generation)
  • No advanced software development experience required

Optional

  • Experience with SOAR platforms (e.g., Tines, Shuffle, Splunk SOAR)
  • Experience with network traffic analysis tools (e.g., Zeek, Suricata, Wireshark)
  • Familiarity with threat intelligence feeds and IOC management
  • Experience with zero-trust tools (e.g., Cloudflare Access, Tailscale, NetBird)
  • Relevant certifications (e.g., CompTIA Security+, CEH, GCIH)

This is how we work

  • in house
  • you have influence on the choice of tools and technologies
  • you have influence on the technological solutions applied

Team members

  • backend developer
  • fullstack developer
  • technical leader

What we offer

  • Competitive salary
  • Remote-first, async-friendly team
  • Dedicated budget for security tooling and training
  • Clear growth path toward Senior SecOps or DevSecOps Engineer, with increasing ownership of detection engineering, automation, and security architecture

Benefits

  • private medical care
  • sharing the costs of foreign language classes
  • sharing the costs of professional training & courses
  • remote work opportunities
  • flexible working time
  • fruits
  • integration events
  • no dress code
  • coffee / tea
  • drinks
  • parking space for employees
  • employee referral program

Recruitment stages

  • HR Interview
  • Technical interview
  • Third interview
  • Information about the decision

Job offer added 26 days ago