
Security Operations Engineer
Role description:
As a Security Operations Engineer, you will play a pivotal role in supporting the expansion of the ALaM program by onboarding new paramount applications into our monitoring scope. You will be instrumental in delivering SIEM use cases, detection logic, and verification activities essential for achieving DORA compliance by the end of 2026.
This role is heavily focused on SIEM engineering, threat modelling, rule optimization, testing, and workshop facilitation. Your expertise and proactive approach will directly contribute to strengthening our security posture, improving alert fidelity, and ensuring robust monitoring capabilities across our critical applications.
Tasks & Responsibilities:
- Detection Engineering: Build, optimize, and maintain SIEM detection rules (preference for Microsoft Sentinel).
- Testing & Automation: Test and verify existing and newly created use cases, and automate testing processes through scripting.
- Application Onboarding: Support the onboarding of paramount applications into the monitoring scope.
- Requirements Gathering: Work closely with application teams to gather logging requirements and detection inputs.
- Workshop Facilitation: Run and moderate workshops with application owners to align on security capabilities and threat landscapes.
- Technical Documentation: Produce comprehensive documentation for detection logic, threat profiles, and verification results.
- Collaboration: Collaborate effectively with the SOC, engineering teams, and red teams to improve alert fidelity and incident response efficiency.
- Compliance Delivery: Contribute to Threat Verification activities and deliver outputs according to ALaM and DORA timelines.
Skills and experience you will need:
- SIEM Expertise: Strong hands-on experience with SIEM platforms, with a strong preference for Microsoft Sentinel.
- Engineering & Rules: Proven experience in detection engineering, rule creation, and rule testing.
- Scripting & Automation: Ability to automate testing and validation processes using Python, PowerShell, Bash, or similar languages.
- Communication Skills: Strong communication skills in English (spoken and written), with the proven ability to confidently lead and moderate workshops.
- Infrastructure Knowledge: Familiarity with cloud platforms (Azure/AWS), operating systems (Windows, Linux), and databases (SQL/Oracle environments).
- Independence: Ability to work independently and efficiently in a high-volume onboarding environment.
Technology Stack
- SIEM & Security: Microsoft Sentinel.
- Cloud & Infrastructure: Azure, AWS, Windows, Linux, SQL, Oracle.
- Scripting & Automation: KQL, Python, PowerShell, Bash.
Preferred Qualifications
- Threat Modelling: Experience in conducting threat modelling and building threat profiles.
- Regulatory Frameworks: Familiarity with DORA (Digital Operational Resilience Act) compliance requirements.
What we offer:
- The opportunity to participate in a variety of projects
- Multisport Plus card
- Private medical care (LUX MED)
- Group insurance
- Access to comprehensive psychological support, individual sessions with coaches and psychodietitians, as well as inspiring webinars
- Remote work from any location, or a hybrid model using our office located in Poznań
- A home office package to increase remote work comfort (chair, additional monitor, ergonomic mouse, etc.)
- Modern office equipped with amenities such as a pool table, foosball, darts, and relaxation zones
- Opportunities to spend time together after work — combining our employees’ passions through ski trips, cycling tours, and sailing adventures
- Regular company-wide and team-based integration events, as well as many other occasions to meet and exchange ideas with colleagues
- Celebrations of important moments in the lives of our employees
- An open approach to new ideas and initiatives, including charity actions