SIEM Detection Engineer

Key Responsibilities: 

• Develop maintain and continuously improve SIEM detection rules
• Design detections based on:
  • MITRE ATT&CK techniques
  • Threat intelligence and real incident learnings
• Support onboarding and improvement of log sources in SIEM platforms
• Analyze systems and applications to understand what should be logged and how it supports detection
• Improve log quality parsing enrichment and overall data consistency
• Tune detections to reduce false positives and improve alert quality
• Validate detections
• Create and maintain:
  • Detection documentation and use-case descriptions
  • Dashboards and visualizations for SOC operations
  • Alert context and investigation guidance for analysts
• Monitor detection effectiveness using metrics such as alert quality coverage and MTTD
• Automate repetitive tasks and improve detection workflows (Python or similar)
• Collaborate with team members share knowledge and support continuous improvement
• Stay up to date with emerging threats and detection techniques

Qualifications :

• Bachelors or Masters degree in a technical field or equivalent hands-on experience
• 2 years of experience in security (SOC experience preferred)
• Hands-on experience working with any SIEM platform
• Good understanding of:
  • Windows and Linux operating systems
  • Networking fundamentals (DNS HTTP/S etc.)
• Experience working with security logs from endpoints servers or network devices
• Basic scripting or automation experience (Python preferred)
• Solid understanding of common security threats and defensive concepts

Skills:

• Strong analytical mindset with interest in security detection engineering
• Experience creating or tuning SIEM detection rules
• Understanding of how log data quality impacts detection effectiveness
• Familiarity with detection frameworks such as MITRE ATT&CK
• Ability and willingness to learn new tools and technologies
• Comfortable working both independently and in a team environment
• Clear and effective communication skills
• Passion for cybersecurity and continuous improvement
• Fluent in English and Croatian

Additional Information :

What we offer:

• Dynamic and fast-paced work environment with a high level of autonomy.
• Occasional travel for client meetings and industry events may be required (worldwide).
• A mission-driven team working to protect critical infrastructure globally.
• Opportunity to achieve your biggest potential and development in your area of responsibility.
• Continuous development and advancement through industry-relevant certifications and internal/external training/workshops.
• Learning and sharing experiences with well-known and respected experts in the field of information/cybersecurity.
• Positive motivating international work environment.
• Hybrid work office work work from home.
• Flexible working hours.
• Additional and supplementary health insurance packages.
• Multisport membership.
• Pet-friendly office.
• Social events and team bonding gatherings.
• Compensation package consisted of base bonus part competitive in the market.

Remote Work :

No

Employment Type :

Full-time