
Senior Detection & Incident Response Engineer - 100% remote
Apollo.io • Lower Silesian
Salary
25000 - 38000 PLN/month
Originally: 25000 - 38000 PLN/month
Required technologies
Must have
- Security
- SIEM
- Python
Nice to have
- Panther
- GCP
- Azure
- AWS
- Ruby
- Ruby on Rails
- GCIA
- GCIH
- Security+
- GCED
- SaaS
Main description / Introduction
The Security Operations Engineer is a senior individual contributor responsible for detecting, investigating, and responding to security threats across Apollo's cloud-native and SaaS environments. This role requires strong technical depth, independent judgment, and ownership of complex security investigations from intake through resolution.
This role operates in a fully remote environment and emphasizes clear written communication, operational rigor, and effective collaboration.
This is how we organize our work
This is how we work
- in house
- you can change the project
- you have influence on the choice of tools and technologies
- you have influence on the technological solutions applied
- you have influence on the product
- you develop the code "from scratch"
- you focus on product development
- agile
Development opportunities we offer
- development budget
- industry-specific e-learning platforms
- intracompany training
- technical knowledge exchange within the company
What You'll Love About Apollo
Besides the great compensation package and culture that thrives in openness and excellence, we invest tremendous effort into developing our remote employees' careers. The team embraces that we have a sole purpose: to help customers maximize their full revenue potential on the Apollo platform. This mindset opens us up to a lot of creative approaches to making customers successful at scale. You'll be a significant part of a lean, remote team, empowered to really own your role as a proactive educator. We're very collaborative at Apollo, so you'll be able to lean on your teammates, even in adjacent departments, to help you achieve lofty goals. You'll be supported and encouraged to experiment and take educated risks that lead to big wins. And, you'll have a whole team remotely by your side to help you do it!
Daily tasks
- Monitor, triage, and investigate security alerts and events across cloud infrastructure, SaaS applications, and corporate systems.
- Conduct end-to-end security investigations, including scoping, containment, eradication, recovery, and documentation.
- Own investigations independently while collaborating effectively during high-severity incidents.
- Configure and maintain SIEM detections in Panther, including use cases, correlation rules, alert logic, and tuning.
- Onboard, validate, and maintain log sources to ensure visibility, accuracy, and reliability.
- Design and improve investigation and response workflows to streamline triage, escalation, and resolution.
- Leverage AI-assisted tools to accelerate alert analysis, enrichment, and investigation efficiency.
- Perform proactive threat-hunting activities to identify malicious or anomalous behavior not surfaced by existing detections.
- Investigate abuse, fraud, account compromise, and automation misuse scenarios in close collaboration with Fraud teams.
- Identify detection gaps and propose, implement, and validate improvements.
- Build scripts, automations, and tools to reduce manual work and improve response speed and consistency.
- Use Python extensively for analysis, automation, and internal tooling; Ruby experience is a plus.
- Contribute to internal detection frameworks and tooling.
- Produce clear, high-quality documentation for incidents, investigations, and post-incident reviews.
- Contribute to runbooks, playbooks, and operational standards.
- Share knowledge, review peer work, and mentor other engineers.
Required Skills & Experience
- 4+ years of experience in Security Operations or Incident Response.
- Hands-on experience with SIEM platforms (experience with Panther is highly valued), log analysis, and detection engineering.
- Experience investigating security incidents in cloud-native environments (GCP preferred; AWS and Azure also relevant) and SaaS applications.
- Experience automating security workflows and investigations.
- Proficiency in Python; familiarity with Ruby preferred.
- Ability to operate independently, prioritize effectively, and make sound technical decisions under pressure.
Preferred Qualifications
- Experience using AI or ML-powered security tools for detection, investigation, or response.
- Familiarity with vulnerability management concepts and remediation workflows.
- Relevant certifications such as GCIA, GCIH, GCED, AWS / GCP Security certifications, or Security+.
- Prior experience working in fully remote, distributed teams.