Security Operations Engineer

About the Role

You will be the operational backbone of the Security Operations Centre, working remotely in a hands-on role. You will own three tightly integrated domains: security alert design, triage, and automated response; cloud security posture management across AWS and EKS; and posture tracking and reporting. Reporting to the Associate Director, Product & Infrastructure Security, you will collaborate with a mature Application Security team and with the DevOps, Engineering, and Security GRC functions.

You will drive down manual effort through detection-as-code and SOAR automation. You will be comfortable writing detection logic, triaging cloud misconfigurations at the infrastructure level, and owning end-to-end vulnerability remediation cycles in containerised environments. Key responsibilities include designing SIEM detection rules, mapping coverage to the MITRE ATT&CK framework, integrating threat intel, maintaining a detection backlog, triaging alerts daily, and building SOAR playbooks for common alert types.

You will manage cloud posture through vulnerability triage, IAM governance, and CSPM tooling, coordinate remediation with engineering, and report on MTTR and posture scores. You will track and report security posture metrics and support audits such as SOC 2, ISO 27001, and GDPR. You will work in a lean, security-focused environment that prioritises automation and detection-as-code.

Requirements

  • 3 to 5 years of experience in security operations, cloud security, or infrastructure security engineering
  • Hands-on AWS security experience including IAM policy design, virtual network architecture, and cloud-native security services
  • Kubernetes and EKS security experience including pod security standards, network policy enforcement, and workload identity
  • Experience in a regulated or FinTech environment (payments, crypto preferred)
  • Ability to author and tune detection rules without relying on vendor defaults
  • Structured written communication for triage reports and stakeholder metrics
  • Ability to coordinate remediation across engineering teams without direct authority
  • Experience with CSPM and SIEM platforms such as Datadog, Wiz, Orca Security
  • Scripting ability in Python or Bash
  • Experience with SOAR or workflow automation platforms
  • Familiarity with compliance frameworks: SOC 2, ISO 27001, GDPR, DORA
  • Experience with secrets management platforms such as AWS Secrets Manager
  • Experience with cloud infrastructure security and threat modelling
  • Experience with Terraform or CloudFormation, including identifying misconfigurations in infrastructure-as-code
  • Understanding of cryptocurrency or blockchain security considerations
  • Experience in a startup or scale-up environment
  • AI tooling familiarity and interest in applying AI to operational workflows
  • Professional AWS Security Specialty certification valued

Responsibilities

  • Design and maintain SIEM detection rules covering cloud, container, identity, and application layers using signature-based and behavioural logic
  • Map detection coverage against the MITRE ATT&CK framework and identify gaps relevant to the AWS and EKS attack surface
  • Integrate threat intelligence feeds to refresh rule logic for emerging threats and TTPs
  • Maintain a detection backlog, prioritised by risk, with defined review cadences
  • Daily SIEM alert triage following a defined response-timing standard
  • Classify, investigate, and resolve security signals; reduce false-positive rates through structured tuning cycles, with documented rationale for rule changes
  • Maintain triage runbooks for key production detection rules
  • Build and maintain SOAR playbooks for common alert types including IAM anomalies, misconfiguration alerts, exposed secrets, and container runtime events
  • Automate enrichment steps (asset lookup, threat intel correlation, ownership resolution) to reduce analyst time-to-context
  • Document automation logic and maintain version control for all playbooks
  • Measure and report automation coverage rate as a standing KRI
  • Own end-to-end vulnerability triage and remediation in cloud and container environments
  • Oversee CSPM posture scoring targets; triage new Critical findings within defined SLA windows
  • Collect and maintain Key Risk Indicator data across SOC and cloud domains
  • Produce structured findings and reports for reviews and audits

Benefits

  • Ownership of the SOC and cloud security posture function from day one in a high-growth FinTech environment
  • Broad domain exposure across detection engineering, cloud security, container security, incident response, and compliance
  • Collaborative team culture with a mature AppSec function and strong leadership support
  • Regulated, multi-geography environment with real-world impact on financial inclusion
  • Remote-first flexibility: a fully remote work environment
  • Learning and development resources and autonomy to grow professionally
  • Mental health support services
  • Stock option plan for full-time employees