Lead Detection & SOAR Security Engineer / Security Operations Integration Consultant

Security

Warszawa, +7 locations

Svitla Systems

Full-time
B2B
Senior
Remote

Job description

Svitla Systems Inc. is looking for a Detection and SOAR Security Lead/Operations Integration Consultant for a full-time position (40 hours per week) in Europe. Our client specializes in delivering digital forensic and incident response solutions tailored for businesses, public safety organizations, and service providers engaged in the investigation of cybercrimes.

Requirements

  • Extensive experience securing SaaS and enterprise security environments at scale.

  • Proven ability in improving security operations processes, workflow maturity, and operational integration across internal teams and third-party providers.

  • Expertise in deploying and supporting data loss prevention, session controls, access controls, SaaS monitoring and alerting, identity-aware detections, and data protection workflows.

  • Deep understanding of creating, tuning, validating, and documenting SIEM detections.

  • Knowledge of developing detections based on attacker behavior, business risk, and operational relevance rather than relying solely on default vendor content.

  • Experience mapping detections to MITRE ATT&CK and using this framework to identify coverage gaps where relevant.

  • Thorough knowledge of Microsoft Sentinel SIEM and native SOAR features, including Logic Apps, playbooks, workflow orchestration, and automation design.

  • Experience developing SOAR automation that includes enrichment, conditional logic, response actions, safeguards, and operational logging.

  • Skilled in integrating security alerts into SOC, incident response, triage, escalation, ticketing, and broader operational workflows.

  • Ability to explain how specific detections, automations, integrations, or workflow enhancements improve MTTD, MTTR, signal quality, workflow consistency, provider effectiveness, or analyst productivity.

  • Strong preference for candidates with hands-on experience using Arctic Wolf and/or similar MDR, managed SOC, detection engineering, and security operations platforms.

  • Profound understanding of implementing, configuring, administering, tuning, integrating, and operationalizing solutions from providers such as CrowdStrike, Rapid7, SentinelOne, Sophos, Red Canary, Expel, eSentire, Huntress, Secureworks, Blackpoint Cyber, or comparable platforms to support detection engineering, SaaS security operations, workflow integration, and incident response.

  • Experience working in environments with outsourced SOC, MDR, or external detection-and-response providers.

  • Expertise in enhancing the technical and operational effectiveness of an outsourced MDR or SOC relationship without replacing the provider model.

  • Ability to operate within an established target-state architecture and governance framework without redefining the security strategy.

  • Strong skills in technical documentation, reporting, and operational handoffs.

  • Ability to produce audit- and compliance-ready artifacts.

  • Quick learner capable of adapting and becoming productive with minimal guidance.

  • Excellent communication skills and effectiveness in working through tickets, chat, meetings, email, and direct collaboration with other teams.

  • Highly self-motivated and comfortable working independently.

  • Proactive in identifying work, proposing solutions, and driving execution.

  • Able to learn the business environment via meetings, documentation, note-taking, and direct engagement.

  • Consistent and clear work documentation, including time logs, changes, rationales, and outcomes.

  • Practitioner focus over coordinator role.

  • Able to operate independently with minimal management oversight and to identify high-value tasks proactively.

Preferred Certifications

  • GCED, GCIA, GCIH, GCFA, CRTO, and CISSP.

  • Advantageous but not mandatory: Microsoft Sentinel certifications, Splunk certifications, Elastic certifications, SOAR platform certifications, AZ-500, and AWS Security Specialty.

Nice to have

  • Direct experience working with Arctic Wolf in an operational partnership model.

  • Prior ownership of detection engineering quality, automation quality, or security operations workflow maturity.

  • Experience reviewing the technical work of other engineers and helping enforce engineering standards.

  • Knowledge of environments where internal teams and external MDR providers share operational responsibility.

  • Strong familiarity with enterprise security operations design patterns and supporting processes.

  • Familiarity with internal-to-external alert routing, triage alignment, and escalation workflow optimization.

  • Familiarity with SaaS-heavy and cloud-connected operating environments.

  • Experience with Azure and/or AWS security tooling.

  • Broad technical range that would allow the consultant to support future project-based initiatives beyond the initial assignment, if needed.

  • Hands-on experience with one or more enterprise SIEM platforms, such as Microsoft Sentinel, Splunk, or Elastic.

  • Hands-on experience with SOAR or security automation platforms.

  • A good grasp of workflow integrations using APIs, scripting, connectors, and orchestration logic.

  • Useful scripting or automation experience may include Python, PowerShell, REST API integrations, and logic-based workflow builders.

  • Experience integrating SaaS, identity, endpoint, and alerting systems into cohesive response workflows is strongly valued.

Responsibilities

  • Drive data architecture unification across multiple SaaS products by creating consistent patterns while respecting product needs. Collaborate with vertical technical leads to provide cross-functional architectural support and alignment.

  • Design and optimize data storage solutions across various technologies, including AWS OpenSearch/Elasticsearch, relational databases, S3, NoSQL, and data warehousing. Focus on performance and resilience by enhancing indexing, querying, high availability, redundancy, and disaster recovery at scale.

  • Support AI initiatives by partnering with the AI specialist team on data architecture for AI capabilities. Clarify complex challenges, translating ambiguity into a clear architectural direction.

  • Build team capability by mentoring engineers to increase self-sufficiency, rather than creating dependencies.

  • Balance performance, cost, and reliability across the platform.

What Success Looks Like

  • SaaS security controls are actively enforced and implemented rather than just documented.

  • Security detections are technically accurate, repeatable, well-documented, measurable, and aligned with real-world attacker behavior.

  • SOAR playbooks consistently reduce manual effort, enhance workflow consistency, and speed up responses.

  • Microsoft Sentinel detections and automations provide higher signal quality and greater operational value.

  • Arctic Wolf alerts are reliably usable, actionable, and effectively integrated into internal workflows.

  • The client gains greater value from the outsourced MDR relationship through improved metrics, workflows, clearer ownership, and stronger integrations.

  • Ownership and accountability for SaaS and operational security risks are clearly assigned.

  • Metrics such as MTTD, MTTR, alert quality, control effectiveness, and workflow quality are measurable and defensible.

  • Audit and compliance stakeholders can review clear evidence demonstrating operational control enforcement.

  • Internal teams can maintain, operate, and expand the delivered work with minimal reliance on the consultant.

We offer

  • US and EU projects based on advanced technologies.

  • Competitive compensation based on skills and experience.

  • Regular performance appraisals to support your growth.

  • Flexibility in workspace, either remote or our welcoming office.

  • Bonuses for article writing, public talks, and other activities.

  • Generous time off, including vacation, national holidays, sick leaves, and family days.

  • Personalized learning programs tailored to your interests and skill development.

  • Free tech webinars and meetups organized by Svitla.

  • Regular corporate online activities.

  • Awesome team and a friendly, supportive community!

Tech stack

  • English: B2

  • Security: master

  • MITRE: advanced

  • SOAR: regular

  • Sentinel: regular

  • SIEM: regular

  • Arctic Wolf: nice to have

  • AWS: nice to have

About the company

Svitla Systems

Svitla Systems is a global digital solutions company with over 20 years of industry experience, presence across 15 countries, and a team of 1,000+ skilled tech experts, creators, and visionaries. We empower businesses ac...
