Senior Purple Operations Engineer
Tasks
- Build and maintain detection rules, correlation searches, dashboards, watchlists and response workflows
- Improve log coverage, parsing, field normalization, enrichment and data quality
- Map detections to MITRE ATT&CK
- Support SOC analysts with alert descriptions, triage steps, severity logic and escalation guidance
- Track detection gaps, false positive trends, alert health and platform performance
- Translate threat intelligence and Red Team / Purple Team findings into defensive checks
- Tune EDR, SIEM and XDR detections to reduce false positives
- Tune noisy alerts: thresholds, exclusions, lookups, entity context and suppression logic
- Validate EDR policies, prevention rules, logging, sensor health and response actions
- Write detection content using Sigma
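The three task items "Write detection content using Sigma", "Map detections to MITRE ATT&CK" and "Tune noisy alerts: ... exclusions" describe one workflow. The following is an added illustration of that workflow, not code from the posting or the hiring company: a Sigma-shaped rule for encoded PowerShell command lines, tagged with its ATT&CK technique, with a hypothetical tuning filter for a patch-management service account, evaluated over constructed Sysmon-style process-creation events. The rule, the account name, the parent process and the events are all assumptions for illustration. In production the rule would be converted to the SIEM's query language with sigma-cli / pySigma; the small matcher here only implements the Sigma subset the rule uses.

```python
"""Evaluate a minimal Sigma-style rule over constructed process-creation events.

Added example for the detection-engineering tasks above; not the posting's
own content. Supports the Sigma subset used by RULE: the field modifiers
contains / startswith / endswith, list values (OR within a field, AND across
fields) and a condition of the form "selection and not filter...".
"""

# Sigma rule expressed as a Python dict mirroring the YAML layout.
# Tags carry the ATT&CK mapping; "filter_patching" is a hypothetical exclusion.
RULE = {
    "title": "Encoded PowerShell Command Line",
    "status": "test",
    "logsource": {"category": "process_creation", "product": "windows"},
    "tags": ["attack.execution", "attack.t1059.001"],
    "detection": {
        "selection": {
            "Image|endswith": ["\\powershell.exe", "\\pwsh.exe"],
            "CommandLine|contains": [" -enc ", " -encodedcommand ", " -e "],
        },
        # Assumed noise source: a patch agent runs encoded scripts as a known
        # service account. Both fields must match for the exclusion to apply,
        # so an attacker who merely steals the account name is still detected.
        "filter_patching": {
            "User|endswith": "\\svc_patchmgmt",
            "ParentImage|endswith": "\\patchagent.exe",
        },
        "condition": "selection and not filter_patching",
    },
    "level": "medium",
}

# Constructed Sysmon-like events (EventID 1 style fields), not real telemetry.
EVENTS = [
    {"id": 1, "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0A",
     "User": "CORP\\jdoe", "ParentImage": "C:\\Program Files\\Microsoft Office\\WINWORD.EXE"},
    {"id": 2, "Image": "C:\\Program Files\\PowerShell\\7\\pwsh.exe",
     "CommandLine": "pwsh.exe -EncodedCommand SQBFAFgAIAAoAE4AZQB3AC0A",
     "User": "CORP\\svc_patchmgmt", "ParentImage": "C:\\Program Files\\PatchAgent\\patchagent.exe"},
    {"id": 3, "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -NoProfile -Command Get-Process",
     "User": "CORP\\jdoe", "ParentImage": "C:\\Windows\\System32\\cmd.exe"},
    {"id": 4, "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -e SQBFAFgAIAAoAE4AZQB3AC0A",
     "User": "CORP\\svc_patchmgmt", "ParentImage": "C:\\Windows\\System32\\cmd.exe"},
]


def _match_value(actual, expected, modifier):
    """Apply one Sigma string modifier; Sigma string matching is case-insensitive."""
    a, e = str(actual).lower(), str(expected).lower()
    if modifier is None:
        return a == e
    if modifier == "contains":
        return e in a
    if modifier == "startswith":
        return a.startswith(e)
    if modifier == "endswith":
        return a.endswith(e)
    raise ValueError(f"unsupported Sigma modifier: {modifier}")


def match_block(block, event):
    """All fields in a selection/filter block must match (AND); list values are OR."""
    for key, expected in block.items():
        field, _, modifier = key.partition("|")
        if field not in event:
            return False
        candidates = expected if isinstance(expected, list) else [expected]
        if not any(_match_value(event[field], v, modifier or None) for v in candidates):
            return False
    return True


def evaluate(rule, event):
    """True if the event matches the rule's condition ("<sel> and not <filter> ...")."""
    det = rule["detection"]
    selection, *filters = [p.strip() for p in det["condition"].split(" and not ")]
    if not match_block(det[selection], event):
        return False
    return not any(match_block(det[f], event) for f in filters)


def attack_techniques(rule):
    """Extract ATT&CK technique IDs from Sigma 'attack.tNNNN[.NNN]' tags."""
    return sorted(t.split(".", 1)[1].upper()
                  for t in rule.get("tags", []) if t.startswith("attack.t"))


def run_rule(rule, events):
    """Return the ids of events that fire the rule after the tuning filter."""
    return [e["id"] for e in events if evaluate(rule, e)]


if __name__ == "__main__":
    print(RULE["title"], attack_techniques(RULE))
    print("alerts:", run_rule(RULE, EVENTS))
```

Event 2 is suppressed because both exclusion fields match; event 4 still fires even though it runs as the same service account, since the parent is cmd.exe rather than the patch agent. That is the property to check when adding an exclusion: it should describe the benign activity precisely, not just an account or a host.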
Perks/Benefits
- Annual company retreats
- Flexible core hours
- Paid annual leave
- Referral bonuses
- Remote-first
- Top of the line equipment
Skills/Tech-stack
Analytics rules | Automation rules | Bash | Cloudflare | Correlation rules | CrowdStrike Falcon | Data Normalization | Detection and Response | Detection engineering | EQL (Event Query Language) | Elastic Security | Endpoint Detection and Response (EDR) | Entra ID | Extended Detection and Response (XDR) | Google SecOps | Google Workspace | KQL (Kusto Query Language) | Kubernetes | Log Parsing | Lucene | MITRE ATT&CK | Microsoft Defender XDR | Microsoft Sentinel | Okta | Osquery | PowerShell | Python | SIEM (Security Information and Event Management) | SPL (Search Processing Language) | Sigma | Splunk Enterprise | Splunk Enterprise Security | Suricata | Sysmon | Threat detection | YARA | Zeek
Education
N/A