SecOps Engineer

Consulting

-, Poznań +4 locations

Billennium S.A

Working time
Full-time
Contract type
Any
Experience
Specialist / Mid
Work mode
Fully remote work

Job description

Who we are

Billennium is a global technology company with 20+ years of experience supporting international clients. We operate in dynamic environments where ownership, clear communication, and measurable results are key.

About the role

We are looking for a SecOps Engineer to join our team and contribute to building and evolving a modern security operations ecosystem. This role combines engineering, security, and automation, focusing on developing scalable detection and response capabilities.

You will work closely with SOC, Incident Response, and engineering teams to design and implement advanced tooling, improve detection quality, and automate security operations processes.

Regular in-person team meetings organized by the client take place in Berlin or Hamburg (once a month or less).

Your responsibilities:

  • Design and build SecOps tooling as part of a broader security ecosystem

  • Develop architecture patterns and solution designs for SIEM, SOAR, EDR, vulnerability management, logging pipelines, and user behavior analytics

  • Evaluate and integrate new tools, technologies, and platforms to enhance detection and response capabilities

  • Build and maintain scalable data ingestion, correlation, and alerting workflows

  • Collaborate with operational engineers to ensure reliability and efficiency of SecOps workflows

  • Identify automation opportunities and implement scripts, playbooks, and workflows (e.g., in SOAR platforms)

  • Work closely with SOC and Incident Response teams to translate operational needs into technical solutions

  • Design and develop an internal SecOps product supporting detection and response for vulnerabilities and threats

  • Integrate detection capabilities with observability platforms and broader SOC ecosystems

  • Support incident response by providing technical expertise, improving detection logic, and enabling rapid instrumentation

  • Develop, test, and operationalize detection capabilities based on evolving threats

  • Create and maintain detection-as-code artifacts (e.g., Sigma, YARA, KQL)

  • Validate and continuously tune detection rules using simulations and threat-based testing

Must have:

  • Hands-on experience in security engineering across SIEM, SOAR, EDR, or related tooling

  • Experience with log ingestion, telemetry pipelines, and cloud-native security tooling

  • Programming/scripting skills (Python, PowerShell, or Go)

  • Experience with infrastructure-as-code, CI/CD pipelines, and Kubernetes

  • Strong understanding of threat modelling, detection engineering, and MITRE ATT&CK framework

  • Experience designing architectures, technical documentation, and onboarding guidelines

  • Experience with logging and detection solutions in cloud environments

  • Strong problem-solving skills and ability to work independently

  • Fluent English (C1 or higher)

Nice to have:

  • Experience with Wazuh

  • Familiarity with observability platforms and OpenTelemetry

  • Experience in SOC environments (Tier 1–3) or strong understanding of security operations

  • Knowledge of security frameworks (ISO 27001, BSI, MITRE ATT&CK)

  • Experience with GCP or other cloud providers

  • Background in DFIR / blue team domains (e.g., CySA+, GIAC, GCIH, BTL)

  • Knowledge of Kubernetes security (CKS or similar)

What we offer:

  • Flexible work model and working hours

  • Comprehensive benefits package: private medical care, Multisport, language lessons, Udemy for Business, vouchers, veterinary care

  • International exposure and collaboration with global teams

  • Training and development programs in a stable organization with room for innovation

  • Team initiatives, knowledge‑sharing sessions, CSR activities, and company events

  • Welcome pack

Recruitment process:

  1. HR interview (~30 minutes)

  2. Technical / hiring manager interview

  3. Decision and feedback

Required skills

SIEM

SOAR

EDR

Kubernetes

cloud

Python

PowerShell

Bash

Language skills

English: C1
