Security Engineer

We're looking for a skilled and curious
Detection and Response Security Engineer-2
to help strengthen our real-time threat detection and incident response capabilities. You'll be on the front line of our security operations — monitoring real-time threats, fine-tuning detection systems, and leading incident investigations across cloud and on-prem environments.

If you thrive in a high-stakes environment, love connecting the dots across logs and alerts, and are passionate about staying one step ahead of adversaries, this role is for you.

What You'll Do

• Monitor and analyze security events across infrastructure, applications, and cloud environments using SIEM tools (especially
  Wazuh
  ) and endpoint monitoring solutions.
• Investigate alerts from WAF, DDoS protection platforms, intrusion detection/prevention systems, DLP, AV, and network security tools. Perform initial triage, containment, and escalation of incidents.
• Correlate logs and security data to detect threats, suspicious behavior, and policy violations using
  MITRE ATT&CK
  or other frameworks.
• Maintain and fine-tune detection rules and correlation logic in
  Wazuh SIEM
  and other log aggregation platforms.
• Respond to and manage security incidents (SOC L2/L3 level) — perform root cause analysis, coordinate with stakeholders, and assist in recovery and documentation.
• Operate and support network and application layer firewalls, DDoS mitigation platforms, and threat intelligence feeds.
• Define and implement security use cases, dashboards, and alerting mechanisms based on emerging threats and internal risk scenarios.
• Collaborate with IT and DevOps teams to ensure logging, alerting, and telemetry coverage across servers, applications, APIs, and containers.
• Contribute to the development of playbooks, SOPs, and knowledge base articles to standardize SOC operations and response.
• Participate in threat-hunting activities, post-incident reviews, and red/blue team exercises to strengthen detection capabilities.

What You Bring

• Bachelor's degree in Computer Science, Information Security, or equivalent experience in SOC or IT Security operations.
• 3–6 years of experience working in a SOC, MSSP, or security operations environment.
• Proven hands-on experience with SIEM tools — ideally
  Wazuh
  ,
  ELK Stack
  , or similar open-source and enterprise SIEM platforms.
• Strong understanding of
  Web Application Firewalls (WAF)
  , anti-DDoS technologies, and network traffic analysis.
• Experience monitoring and defending Linux/Windows environments, cloud platforms (
  AWS/GCP/Azure
  ), and containerized infrastructure (
  Docker/Kubernetes
  ).
• Familiarity with threat intelligence, IOC enrichment, and behavioral analytics tools and processes.
• Solid understanding of
  TCP/IP
  ,
  DNS
  ,
  HTTP
  ,
  SSL/TLS
  , and common attacker techniques (reconnaissance, lateral movement, privilege escalation).
• Experience with log parsing, data normalization, and the use of regex, JSON, or scripting (
  Python/Bash
  ) to automate analysis.
• Good grasp of cybersecurity frameworks and standards such as
  MITRE ATT&CK
  ,
  NIST CSF
  , and
  CIS Controls
  .
• Ability to manage incidents with calm, clarity, and attention to detail — both independently and collaboratively.

Why Join Us

• Be part of a modern SOC function that values automation, continuous learning, and collaboration.
• Gain exposure to real-time security challenges across
  fintech
  ,
  cloud
  , and
  SaaS
  ecosystems.
• Join a forward-looking team actively exploring
  AI in security
  — both as a threat and as a tool.
• Enjoy a learning-driven culture with support for
  certifications
  ,
  research
  , and
  community engagement
  .