Senior Purple Operations Engineer
New
S
Sporty GroupCybersecurity
Europe - Remote, 10am-3pm in your local time zoneFull-TimeSenior
Salary not disclosed
Apply NowOpens the employer's application page
Job Details
Requirements
- Experience tuning EDR, SIEM, XDR, or SOC monitoring platforms.
- Strong understanding of endpoint, identity, cloud, network, and web attack behaviors.
- Practical experience writing detection logic in KQL, SPL, EQL, Lucene, Sigma, YARA, or similar.
- Familiarity with MITRE ATT&CK mapping and detection coverage analysis.
- Ability to turn Red Team, Purple Team, and incident findings into clear detection logic.
- Experience reducing false positives through rule tuning, exceptions, automation, and better entity context.
- Strong scripting ability in Python, PowerShell, Bash, or similar.
- Good understanding of SOC workflows, incident triage, escalation, and response playbooks.
- Strong documentation skills.
Responsibilities
- Tune EDR, SIEM, and XDR detections to reduce false positives and improve alert quality.
- Build and maintain detection rules, correlation searches, dashboards, watchlists, and response workflows.
- Translate Red Team, Purple Team, incident, and Threat Intelligence findings into repeatable defensive checks.
- Validate that EDR policies, prevention rules, logging, sensor health, and response actions work as expected.
- Review noisy alerts and tune thresholds, exclusions, lookups, entity context, and suppression logic.
- Support SOC analysts with clear alert descriptions, triage steps, severity logic, and escalation guidance.
- Improve log coverage, parsing, field normalization, enrichment, and data quality.
- Map detections to MITRE ATT&CK where useful.
- Write portable detection content using formats such as Sigma.
- Track detection gaps, false positive trends, alert health, and platform performance
View Full Description & ApplyYou'll be redirected to the employer's site
