N26

Senior SOC Engineer

Job description:

About the Opportunity

We are seeking a Senior / Lead SOC Platform Engineer to own and evolve the cloud-based logging and automation platforms that power our Security Operations Center. Our SOC Engineering team designs scalable AWS logging pipelines and manages ingestion into Google SecOps, and believes in proactive security, automation, and continuous improvement to stay ahead of evolving threats.

In this role you will lead key initiatives that strengthen visibility, automation, and detection capabilities across the organization.

Hybrid role based in Berlin or Barcelona.

In This Role, You Will:

  • Lead SOC engineering initiatives including SOC automation, SIEM–IT Service Management (ITSM) integration, and threat framework mapping and adoption (e.g., MITRE ATT&CK).
  • Own data ingestion workflows for the Security Information and Event Management (SIEM) system and ensure high-quality, reliable telemetry.
  • Support and integrate deceptive security technologies and participate in purple team exercises to enhance visibility and detection coverage.
  • Collaborate with detection engineering, incident response, cloud teams, and security leadership to improve platform reliability and SOC effectiveness.

What You Need to Be Successful

Background:

  • 5+ years of experience in SOC engineering, security engineering, cloud engineering, or platform engineering.
  • Proven experience designing and operating large-scale logging pipelines in cloud environments.
  • Strong understanding of SOC operations, detection workflows, and modern telemetry requirements.

Skills:

  • Deep hands‑on experience with AWS (S3, IAM, Lambda, Kinesis, CloudWatch, Step Functions, Glue, Athena, Glacier).
  • Expertise with SIEM ingestion pipelines, ideally Google SecOps (Chronicle) with S3 ingestion.
  • Strong understanding of log structures (JSON, CloudTrail, VPC Flow Logs, Syslog) and schema normalization.
  • Proficiency with Infrastructure as Code (Terraform preferred).
  • Strong scripting/programming skills (Python, Bash).
  • Experience automating data validation, log onboarding, and pipeline health checks.
  • Familiarity with MITRE ATT&CK mapping workflows using Navigator.
  • Exposure to deceptive security technologies and telemetry pipelines.
  • Experience supporting purple team exercises from a telemetry and engineering perspective.

Nice to Haves

  • Google SecOps (Chronicle) engineering experience.
  • Experience implementing automation for next‑generation or Agentic SOC capabilities.
  • Experience with deception frameworks (e.g., Canary, Thinkst, IllusionBLACK).

What’s in it for you:

  • Accelerate your career growth by joining one of Europe’s most talked-about disruptors


Job information

  • Publication date: 24 Feb 2026
  • Location: WorkFromHome
  • Place of work: N26
  • Type: Full-time
  • Work model: On-site
  • Category:
  • Experience: 2+ years
  • Employment relationship: Employed
