Shape and continuously evolve the detection and response capabilities at the heart of our Cyber Defense Center
Ensure that our security platforms deliver meaningful, actionable insights
Turn threat intelligence, adversary behavior, and incident lessons learned into effective detection logic and automated response workflows
Define and document detection use cases aligned with CDC priorities, threat intelligence, and MITRE ATT&CK techniques
Stay informed about current attack patterns to fine-tune detection use cases based on emerging threats, TTPs, and incident lessons learned
Maintain and modify SIEM and EDR analytic rules across the detection lifecycle
Fine-tune analytic rules to improve the signal-to-noise ratio and reduce false positives
Design, configure, and maintain SOAR response playbooks to automate and orchestrate incident response actions
Manage watchlists, reference sets, and exception lists used by analytic rules and playbooks
Manage user accounts and permissions for the SIEM system and related detection tooling
Create custom queries, searches, and reports to support investigations, hunting, and operational reporting
Assist SOC analysts with analysis and troubleshooting of integrations, analytic rules, and alert behavior
Collaborate with Threat Intelligence, SOC, CIRT, and platform teams to continuously improve detection coverage and response automation
Requirements
Degree in Computer Science, IT Security, or a related field, or equivalent work experience
Several years of hands‑on experience in detection engineering, SOC engineering, or security operations
Strong drive to deliver high-quality alerting, detection, and response capabilities aligned with MITRE ATT&CK, emerging threat developments, and real-world attack patterns
Experience in building, tuning, and maintaining SIEM and EDR analytic rules in production environments
Experience creating custom queries, searches, dashboards, and reports to support SOC operations
Solid understanding of log sources, event parsing, normalization, and enrichment
Ability to design and implement SOAR playbooks to automate enrichment, triage, and response workflows
Competence in writing queries, correlation rules, and analytics using SIEM query languages (e.g., KQL, SPL, AQL) and common detection frameworks (e.g., Sigma)
Ability to translate threat intelligence and adversary behavior into effective detection use cases
Capability to align detections and response logic with MITRE ATT&CK, emerging threats, and real-world attack patterns
Working knowledge of APIs and integrations for connecting SIEM, SOAR, EDR, and other security tools
Technical documentation skills and ability to produce clear runbooks and detection content documentation
Structured, detail-oriented working style with strong analytical and problem-solving abilities
Scripting and automation skills (e.g., Python, PowerShell) are a strong plus
Fluent in English; German is a plus
Tech Stack
Python
Benefits
Technology stack: Modern and cutting-edge technology stack with opportunities to experiment and innovate within a high-tech group
Flexible work options: 40-60% hybrid work option to provide flexibility and work-life balance
Additional benefits: Annual flexible benefits that include cafeteria options, private health plans, and annual reward
Extra option: Company parking space in the underground garage of the office building can be reserved
Contribution: Opportunity to directly contribute to the development of innovative products through software delivery
Supportive work environment: Working in a team of excellent teammates and a supportive lead who together guide and support your professional development from day one