SOC Engineering Lead at Cyberfort


Location: Fully Remote

About the Role

We are seeking an experienced and hands-on Lead SOC Engineer to architect, evolve, and oversee the technical operations of our Security Operations Centre. This role is ideal for a seasoned engineer with a deep background in SIEM, EDR, and threat intelligence technologies, who thrives in a fast-paced, highly automated security environment.

The successful candidate will be instrumental in shaping the core detection and response capabilities of the SOC, leading engineering efforts across Elastic SIEM, Microsoft Sentinel, Defender for Endpoint, CrowdStrike, and MISP, while building robust ITSM automation in JIRA.

Key Responsibilities

- Lead the technical design, implementation, and tuning of SIEM platforms (Elastic, Microsoft Sentinel).
- Engineer and operationalise endpoint detection capabilities using Defender for Endpoint, CrowdStrike, and Elastic Defend.
- Maintain and optimise threat intelligence workflows, including integrations with MISP.
- Build and maintain robust ITSM integrations and automations in JIRA for incident and change management.
- Work with the SOC leadership team to build, iterate on, and improve engineering so that the SOC continues to deliver a world-class service.
- Work closely with SOC analysts to ensure telemetry, detections, and playbooks align with real-world attack techniques (MITRE ATT&CK, D3FEND).
- Develop and maintain detection engineering pipelines, including log onboarding, parsing, enrichment, correlation rules, and alerting logic.
- Automate repetitive tasks using scripting and infrastructure-as-code tools (PowerShell, Python, Terraform, etc.).
- Drive integration between security tooling and external systems (e.g., threat feeds, SOAR platforms, ticketing tools).
- Act as the escalation point for complex detection and incident response scenarios.
- Mentor junior engineers and analysts, and contribute to a culture of continuous improvement.
Required Experience

- Minimum 5 years of experience engineering and operating Security Operations Centre platforms.
- Deep knowledge and hands-on experience with:
  - SIEM: Elastic Stack (Beats, Logstash, Kibana, Elasticsearch), Microsoft Sentinel
  - EDR: Microsoft Defender for Endpoint, CrowdStrike Falcon, Elastic Defend
  - Threat Intelligence: MISP (integration, automation, ingestion)
  - SOAR and automation: JIRA automations, Sentinel playbooks, Azure Logic Apps and Functions, APIs, and other integrations
  - ITSM: JIRA (incident, change, and service automation)
- Strong scripting and automation skills (Python, PowerShell, Bash).
- Experience implementing detection-as-code pipelines and detection content engineering at scale.
- Solid understanding of threat detection, digital forensics, and security telemetry.
- Experience integrating SOC tooling with third-party platforms and APIs.

Desirable Skills

- Familiarity with threat modelling techniques and industry-standard risk frameworks (e.g., STRIDE, DREAD, MITRE).
- Knowledge of compliance standards (e.g., ISO 27001, NIST 800-53).
- Exposure to containerised deployments, cloud-native logging, and AWS and Azure/M365 security architecture.

Our Purpose

The Cyberfort Group is a community of 150+ passionate people united by one overall mission: "to make the world safer, one business at a time". We are the "one-stop shop" for all things cyber and are working to build a centre of excellence for our customers by building an amazing place to work, learn and develop all our people.

We work with a diverse range of clients, including large Governmental departments as well as other public sector organisations and businesses within the private sector. We're growing our business and our team through our continuous investment in developing technology and cyber capability; we aim to deliver innovation to our customers as fast as possible.

Our goal is to implement, deliver and support solutions that make us stand out.