Senior Purple Operations Engineer (Cybersecurity)
ΠΠ°ΠΊΠ°Π½ΡΠΈΡ ΠΈΠ· Hirify Global, ΡΠΏΠΈΡΠΊΠ° ΠΌΠ΅ΠΆΠ΄ΡΠ½Π°ΡΠΎΠ΄Π½ΡΡ
tech-ΠΊΠΎΠΌΠΏΠ°Π½ΠΈΠΉΠΠ»Ρ ΠΌΡΡΡΠ° ΠΈ ΠΎΡΠΊΠ»ΠΈΠΊΠ° Π½ΡΠΆΠ΅Π½ Plus
ΠΡΡΡ & Π‘ΠΎΠΏΡΠΎΠ²ΠΎΠ΄
ΠΠ»Ρ ΠΌΡΡΡΠ° Ρ ΡΡΠΎΠΉ Π²Π°ΠΊΠ°Π½ΡΠΈΠ΅ΠΉ Π½ΡΠΆΠ΅Π½ Plus
ΠΠΏΠΈΡΠ°Π½ΠΈΠ΅ Π²Π°ΠΊΠ°Π½ΡΠΈΠΈ
TL;DR
Senior Purple Operations Engineer (Cybersecurity): Developing and tuning EDR, SIEM, and XDR detections to reduce false positives and enhance alert quality with an accent on translating red/purple team findings into defensive checks. Focus on automating response workflows, mapping detections to MITRE ATT&CK, and improving log data quality.
Location: Remote (Europe)
Company
is a remote-first organization in pursuit of sustainability.
What you will do
- Tune EDR, SIEM, and XDR detections to reduce false positives and improve alert quality.
- Build and maintain detection rules, correlation searches, dashboards, and response workflows.
- Translate Red Team, Purple Team, and Threat Intelligence findings into repeatable defensive checks.
- Validate EDR policies, prevention rules, logging, and sensor health.
- Improve log coverage, parsing, field normalization, enrichment, and overall data quality.
- Map detections to the MITRE ATT&CK framework and write portable content using Sigma.
Requirements
- Experience tuning EDR, SIEM, XDR, or SOC monitoring platforms.
- Strong understanding of endpoint, identity, cloud, network, and web attack behaviors.
- Practical experience writing detection logic in KQL, SPL, EQL, Lucene, Sigma, YARA, or similar.
- Familiarity with MITRE ATT&CK mapping and detection coverage analysis.
- Strong scripting ability in Python, PowerShell, Bash, or similar.
- Good understanding of SOC workflows, incident triage, escalation, and response playbooks.
Culture & Benefits
- Competitive salary with individual performance-based quarterly bonuses.
- 28 days of paid annual leave.
- Flexible core working hours from 10am to 3pm in your local time zone.
- Top-of-the-line equipment provided.
- Annual company retreats for internal networking.
- Referral and flash bonuses.
Hiring process
- Remote video screening with the Talent Acquisition Team.
- Online technical assessment via Hackerrank.
- Remote video interview with team members (60 minutes).
- Final discussion with the hiring manager (60 minutes).
ΠΡΠ΄ΡΡΠ΅ ΠΎΡΡΠΎΡΠΎΠΆΠ½Ρ: Π΅ΡΠ»ΠΈ ΡΠ°Π±ΠΎΡΠΎΠ΄Π°ΡΠ΅Π»Ρ ΠΏΡΠΎΡΠΈΡ Π²ΠΎΠΉΡΠΈ Π² ΠΈΡ ΡΠΈΡΡΠ΅ΠΌΡ, ΠΈΡΠΏΠΎΠ»ΡΠ·ΡΡ iCloud/Google, ΠΏΡΠΈΡΠ»Π°ΡΡ ΠΊΠΎΠ΄/ΠΏΠ°ΡΠΎΠ»Ρ, Π·Π°ΠΏΡΡΡΠΈΡΡ ΠΊΠΎΠ΄/ΠΠ, Π½Π΅ Π΄Π΅Π»Π°ΠΉΡΠ΅ ΡΡΠΎΠ³ΠΎ - ΡΡΠΎ ΠΌΠΎΡΠ΅Π½Π½ΠΈΠΊΠΈ. ΠΠ±ΡΠ·Π°ΡΠ΅Π»ΡΠ½ΠΎ ΠΆΠΌΠΈΡΠ΅ "ΠΠΎΠΆΠ°Π»ΠΎΠ²Π°ΡΡΡΡ" ΠΈΠ»ΠΈ ΠΏΠΈΡΠΈΡΠ΅ Π² ΠΏΠΎΠ΄Π΄Π΅ΡΠΆΠΊΡ. ΠΠΎΠ΄ΡΠΎΠ±Π½Π΅Π΅ Π² Π³Π°ΠΉΠ΄Π΅ β
ΠΠΎΡ ΠΎΠΆΠΈΠ΅ Π²Π°ΠΊΠ°Π½ΡΠΈΠΈ
Senior SIEM/SOC Engineer (Cybersecurity)
SOC Detection Lead Expert (Cybersecurity)
Security Operations Engineer II (Cybersecurity)
Senior Cybersecurity Engineer (Defense Operations)
Threat Researcher (Cybersecurity)