Sporty Group

Sporty Group is a global consumer internet and media organization that specializes in digital and linear sports broadcasting, offering its leading free-to-air platform, SportyTV, which engages millions of users across multiple countries and continents.

Media
51-250
Founded 2013

Description

  • Tune EDR, SIEM, and XDR detections to reduce false positives and improve alert quality.
  • Build and maintain detection rules, correlation searches, dashboards, watchlists, and response workflows.
  • Translate Red Team, Purple Team, incident, and threat intelligence findings into repeatable defensive checks.
  • Validate EDR policies, prevention rules, logging, sensor health, and response actions.
  • Review noisy alerts and tune thresholds, exclusions, lookups, entity context, and suppression logic.
  • Support SOC analysts with clear alert descriptions, triage steps, severity logic, and escalation guidance.
  • Improve log coverage, parsing, field normalization, enrichment, and data quality.
  • Map detections to MITRE ATT&CK where useful.
  • Write portable detection content using formats such as Sigma.
  • Track detection gaps, false positive trends, alert health, and platform performance.

Requirements

  • Experience tuning EDR, SIEM, XDR, or SOC monitoring platforms.
  • Strong understanding of endpoint, identity, cloud, network, and web attack behaviors.
  • Practical experience writing detection logic in KQL, SPL, EQL, Lucene, Sigma, YARA, or similar.
  • Familiarity with MITRE ATT&CK mapping and detection coverage analysis.
  • Ability to turn Red Team, Purple Team, and incident findings into clear detection logic.
  • Experience reducing false positives through rule tuning, exceptions, automation, and better entity context.
  • Strong scripting ability in Python, PowerShell, Bash, or similar.
  • Good understanding of SOC workflows, incident triage, escalation, and response playbooks.
  • Strong documentation skills.
  • Experience with any of the following technologies: Microsoft Defender XDR, CrowdStrike Falcon, SentinelOne, Microsoft Sentinel, Splunk Enterprise Security, Elastic Security, Google SecOps, Sigma, YARA, KQL, SPL, EQL, Lucene, Python, PowerShell, Bash, MITRE ATT&CK, Atomic Red Team, Caldera, Vectr, TheHive, Jira, Confluence, GitHub, GitLab, osquery, Sysmon, Zeek, Suricata, AWS CloudTrail, GuardDuty, Azure, Entra ID, Google Workspace, Okta, Cloudflare, Kubernetes logs.

Benefits

  • Remote-first work environment.
  • Competitive salary with individual performance-based quarterly bonuses.
  • 28 days of paid annual leave.
  • Core working hours from 10am-3pm in your local time zone, with flexibility outside those hours.
  • Referral bonuses and flash bonuses.
  • Top-of-the-line equipment.
  • Annual company retreats with networking opportunities.
