Detection & Response Platform Lead (Cybersecurity)

TL;DR

Detection & Response Platform Lead (Cybersecurity): Drive endpoint security strategy by owning detection and response platforms, engineering scalable detection solutions, and automating workflows with an accent on threat hunting, alert optimization, and cross-functional collaboration. Focus on building custom detection rules, tuning policies to reduce alert fatigue, and influencing preventive controls upstream to protect infrastructure at scale.

Fully remote within the EU or hybrid from offices in Belgium, Germany, Portugal, Spain, Italy, Netherlands. Must have right to work in the European country applying for; no sponsorship visas.

Company

Ecosystem of 60+ brands across 22 European countries providing hosting, e-commerce, SaaS, and online business services to 3.5 million SMB customers.

What you will do

• Own strategic direction, configuration, and optimization of detection & response platforms across infrastructure.
• Engineer scalable detection solutions: automate alert triage, build custom rules based on threat intelligence and incidents.
• Conduct threat hunting to identify gaps and validate efficacy.
• Partner with DevOps, operations, vulnerability management, and SaaS teams to strengthen preventive controls and reduce threats.
• Implement postmortems, share knowledge, document playbooks, and stay current on endpoint threats.

Requirements

• 5+ years in technical security roles: security operations, detection engineering, incident response, or system administration with security focus.
• Endpoint security expertise: understanding of Windows (Server), Linux, macOS.
• Detection engineering: developing rules, alerts, response workflows.
• Hands-on EDR/XDR experience (SentinelOne valued).
• Threat analysis: attack patterns, TTPs, translating to detections.
• Collaborative experience across IT, DevOps, business teams.
• Good English verbal and written.

Nice to have

• Automation: PowerShell, Python scripting.
• Security certifications.
• SOC/MDR service experience.
• MITRE ATT&CK knowledge.
• Cloud security: Azure, AWS, GCP.
• Multi-tenant SaaS/MSP experience.

Culture & Benefits

• Join Security Management team of 14, reporting to Group CISO; collaborate with operations and SaaS security teams.
• Remote-first: fully remote within EU, hybrid, or office-based with minimal travel for events.
• Work-life balance with healthy boundaries.
• Diversity & Inclusion focused: respect, openness, trusted collaboration.