For candidates

Our client is a global technology and professional services company with a Cyber Center based in Prague. The team supports enterprise clients across multiple industries and operates as a mature, production-grade security organization — not a lab environment or short-term pilot setup. The Prague office consists of approximately 270 professionals. The broader security operations unit has around 80 people, including roughly 27 engineers responsible for the technical layer — SIEM platforms, detection pipelines, and incident response tooling. English is used for client-facing communication and documentation; Czech is the day-to-day language within the local team. Why This Role Exists Now: The security operations team is expanding. Two new engineers are joining in parallel — one focused on broader SIEM platform operations (separate ad), while this role is aimed at someone with deeper expertise in cloud SIEM architecture, detection engineering at scale, and advanced-level Splunk Enterprise Security or Microsoft Sentinel analytics. The team already includes senior engineers who designed parts of the current detection architecture, meaning critical knowledge and mentorship are available from day one. IBM QRadar is entering maintenance mode. If you've spent years on QRadar and know the transition is coming, this is where that transition happens — with a team already running Splunk ES and Sentinel in production, and a clear onboarding path into both.What Matters Most: This role is for someone who thinks in terms of detection logic, not just queries. Three things are essential: — Advanced SIEM expertise — Splunk Enterprise Security (risk-based alerting, notable event management, ES data models) or Microsoft Sentinel (analytics rules at scale, KQL optimization, UEBA, Fusion), with 3+ years of real production experience — Detection engineering mindset — understanding of threat models (MITRE ATT&CK), ability to map detection gaps to adversary behavior, and write detection rules that are effective without generating excessive noise — Strong understanding of data pipelines — knowledge of log source behavior, normalization principles, and the impact of broken parsing rules English should be strong enough for technical documentation and client-facing reporting. If your background is QRadar or a single-vendor environment — that's fine. SPL and KQL are tools. We care about how you think about detection, not which query language you currently know. Nice to Have: — Chronicle / Google SecOps experience — YARA-L detection rules, UDM data model — SOAR experience — Splunk SOAR (Phantom), Microsoft Sentinel playbooks, or similar tooling — Certifications such as Splunk Core Power User / Architect, Microsoft SC-200, GCIA, GCIH — Threat hunting experience — proactive analysis of historical data for indicators of compromiseRole / Mission: Your primary responsibility will be detection engineering and SIEM platform ownership — not alert monitoring. You'll design and maintain correlation rules and analytics, ensure incoming data is properly parsed and normalized, and build detection logic that identifies meaningful threats without overwhelming analysts with noise. Primary platforms include Splunk (including Splunk Enterprise Security) and Microsoft Sentinel. Chronicle / Google SecOps is present in selected client environments, so experience with it is a strong advantage. QRadar and ArcSight still exist in several legacy environments. Success after 12 months means owning at least one major detection domain. Your analytics rules have measurably reduced false positives, and you can clearly explain why specific rules are tuned the way they are. Key Responsibilities: — Design, build, and maintain detection analytics in Splunk ES (correlation searches, risk-based alerting) and/or Microsoft Sentinel (analytics rules at scale, KQL, Fusion detections) — Manage data ingestion pipelines — onboarding log sources, parsing, normalization, field extractions — Conduct threat-informed detection reviews: map coverage against MITRE ATT&CK, identify gaps, prioritize improvements — Support incident response escalations through platform-level investigations — advanced queries, timeline reconstruction — Contribute to SOAR playbook development and automation logic — Participate in on-call rotation and lead post-incident reviews related to platform-level issues What This Role Is NOT: — Not a Tier 1 analyst role — you'll work upstream from triage, designing the logic that enables effective detection and response — Not a pure administration role without detection ownership — the expectation is to build and improve, not only configure — Not an isolated research position — your work directly impacts live enterprise environments, so quality matters from day one Operating Model: Standard working hours, no shift work. On-call rotation is shared across the engineering team. Hybrid setup in Prague or fully remote is also possible. Reports to: Head of Security Engineering Language: English for client-facing communication and technical documentation; Czech for internal team collaboration Travel requirements: minimal.Interested? Let's Talk If this sounds like the kind of challenge you're looking for, apply now. Throughout the process, you'll work with a senior recruiter who has hands-on IT experience. Straightforward communication, technically grounded discussions, and no unnecessary recruitment overhead. Send your CV or LinkedIn profile to or connect via linkedin.com/in/jirisoljak Interview Process: — Intro call with a SITEQ recruiter — 30 minutes covering the role and client context — First interview with the team lead — team structure, responsibilities, day-to-day collaboration — Technical interview with a senior engineer from the security operations team — detection logic, platform depth, real-world scenarios (no trick questions) — Offer Please note: this position is open only to candidates who are eligible to work in the EU without visa sponsorship and are able to reside and work in the Czech Republic.

Our client is a global technology and professional services company with a Cyber Center in Prague. The team serves enterprise clients across multiple industries and operates as a mature, production-grade security operation — not a lab, not a pilot. The Prague team is around 270 professionals. The security operations unit has ~80 people, including roughly 27 engineers who own the technical layer — SIEM platforms, detection pipelines, incident response tooling. English is the language of client-facing work; Czech is day-to-day inside the team. Why This Role Exists Now: The security operations team is expanding. Two new engineers are joining — this is one of two roles being filled at the same time. The other role goes deeper on cloud SIEM (separate ad). The team has experienced engineers who know the detection architecture well, and now is a good moment to join — the knowledge transfer opportunity is real and accessible from day one. If you've been in an MSSP environment where detection ownership stays with the vendor or a central content team — this role is built differently. Most MSSP setups give you the SIEM. This one gives you the rules.What Matters Most: We're not looking for someone who ticked every checkbox on a certification list. Three things actually matter: — SIEM hands-on time — you've worked with Splunk (SPL queries, correlation searches) or Microsoft Sentinel (KQL, analytics rules) for at least 2 years in a production environment — Linux system knowledge — you understand how logs are generated, how syslog works, what endpoint telemetry looks like — Detection thinking — you can write a correlation rule from scratch, explain why it's tuned the way it is, and recognize when a low-severity alert is worth investigating English needs to be solid for reading technical documentation and writing client-facing reports. If your background is primarily QRadar or ArcSight — that's a valid starting point. We care more about your engineering instincts than the vendor logo. Nice to Have: — Experience with Chronicle/Google SecOps — YARA-L rules, UDM data model — Familiarity with QRadar or ArcSight from client or previous employer environments — Security certifications: GCIA, CEH, CompTIA Security+, Microsoft SC-200, or Splunk Core Certified — Scripting for automation — Python, PowerShell, or bash for log parsing or playbook triggers Don't let the nice-to-haves stop you. If you have the three core things, the rest can be learned.Role / Mission: Your job is to keep the SIEM infrastructure healthy and make sure the detections it runs actually catch things worth catching. Day-to-day: monitoring and triaging alerts, maintaining log source pipelines, tuning correlation rules, and working with analysts when something escalates. You'll also write and maintain playbooks so the team doesn't reinvent the wheel during incidents. Tech context: the team runs Splunk and Microsoft Sentinel as primary platforms. QRadar and ArcSight in the mix from legacy clients. Chronicle/Google SecOps is present in some environments — knowledge there is a plus. Success in 12 months: you own your detection playbooks, you've added at least one meaningful improvement to the ingestion or detection layer, and when someone has a question about platform behavior, they come to you first. Key Responsibilities: — Monitor, triage, and investigate alerts across SIEM platforms (primarily Splunk and Microsoft Sentinel) — Build, tune, and maintain detection rules and correlation logic — SPL, KQL, or both — Maintain SIEM infrastructure: log sources, ingestion pipelines, platform health, onboarding new data feeds — Write and update incident response playbooks; support L1/L2 analysts during active investigations — Participate in on-call rotation; contribute to post-incident documentation and lessons learned What This Role Is NOT: — Not a pure L1 analyst position — you're here to engineer and improve, not just watch dashboards — Not a client-facing sales or advisory role — this is delivery, inside the engine room — Not a solo build-from-scratch project — you're joining an existing team with live infrastructure Operating Model: Standard working hours, no shift work. On-call is a shared rotation across the engineering team. Hybrid setup in Prague or fully remote is also possible. Reports to: Head of Security Engineering. English for client documentation; Czech for internal team communication. Travel is minimal.Interested? Let's Talk If this sounds like your kind of challenge, apply now — let's build something great together. Throughout the process, you'll be guided by a senior recruiter with hands-on IT experience. Straightforward, technically grounded, without unnecessary recruitment overhead. Send your CV or LinkedIn profile to or reach out via linkedin.com/in/jirisoljak Interview process: — Intro call with SITEQ recruiter — 30 minutes, we'll explain the role and client context — First interview with the team lead — get to know each other, talk about the team and day-to-day — Technical interview with a senior engineer from the security operations team — hands-on discussion, no trick questions — Offer Please note: this position is open only to candidates eligible to work in the EU without visa sponsorship, able to reside and work in the Czech Republic.

Mezinárodní technologická skupina s více než 30 lety na trhu, 800+ odborníků a zastoupením v několika zemích střední a východní Evropy. Realizuje projekty v oblasti IT infrastruktury, datových center, cloudových řešení, kybernetické bezpečnosti, robotizace a IT outsourcingu. Firma provozuje rostoucí portfolio managed services pro enterprise zákazníky. Delivery je core byznys — ne interní funkce. Prostředí, kde projektové řízení dává smysl a výsledky jsou měřitelné.— IT projektové řízení — 3–5 let praxe, ideálně v ICT integrátorovi nebo managed services — ITSM a delivery governance — ITIL nebo ekvivalent, Jira, SLA/change/incident management — Zákaznická komunikace — přímý kontakt se zákazníkem, eskalace, operativa Angličtina B2/C1. Pokud je silnější písemně než ústně — firma nabídne jazykový program. Výhoda (ne podmínka): certifikace PRINCE2 nebo PMI (PMP), projekty na Cisco / Fortinet / Palo Alto / F5.Role / Mission: Budeš zodpovědný za řízení technologických projektů a service delivery napříč oblastmi infrastruktury, networkingu, security a datových center. Převezmeš část portfolia projektů a poneseš odpovědnost za jejich delivery — od kickoffu po předání. Tvůj záběr zahrnuje jak infrastrukturní projekty, tak managed services zakázky pro enterprise zákazníky. Nemáš přímé reporty, ale koordinuješ technické specialisty a držíš projekt pohromadě směrem k zákazníkovi i internímu týmu. Za 12 měsíců máš za sebou projekty s měřitelnými výsledky (forecast vs. actuals — scope, budget, timeline, kvalita, rizika) a reputaci partnera, na kterého se zákazník i tým spoléhají. Key Responsibilities: — Řídíš životní cyklus projektů od kickoffu po předání — plánování, scope, rizika, budget, reporting — Sleduješ SLA a kvalitu dodávky — identifikuješ odchylky a eskaluješ včas, ne až ex-post — Komunikuješ přímo se zákazníky — jsi jejich operativní PM kontakt, ne prostředník — Koordinuješ technické specialisty na projektech — lidé ti nereportují, ale spolupracují s tebou — Pracuješ s Jira — ticketing, tracking, reporting pro vedení i zákazníka What This Role Is NOT: — Není to team lead role — nevedeš lidi přímo, zodpovídáš za projekty a jejich výsledky — Není to čistě provozní role — řešíš komplexní projekty pro enterprise zákazníky, ne jen operativu — Nejsi zodpovědný za technický návrh řešení — k tomu máš architekty a presales; musíš ale rozumět kontextu a dopadům rozhodnutí Operating Model: Praha, full time, HPP (IČO není možné). Hybrid — 2 dny v kanceláři týdně. Čeština primárně; angličtina B2/C1 potřebná.Zaujalo tě to? Napiš nebo pošli reakci: | linkedin.com/in/jirisoljak CV není potřeba — stačí LinkedIn profil a pár vět o sobě. Budeš mluvit přímo se zkušeným IT headhunterem s vlastní IT praxí — 500+ náborů. Relevantní diskuze bez HR balastu. Proces: — Krátký úvodní call (15–30 min) — Maximálně 2 kola — pokud věc dává smysl, rozhodnutí přijde i po prvním — Před finálním rozhodnutím osobní setkání — V každém kroku víš, kde jsi. EU work authorization required. No visa sponsorship.

Mezinárodní technologická skupina s více než 30 lety na trhu, 800+ odborníků a zastoupením v několika zemích střední a východní Evropy. Realizuje projekty v oblasti IT infrastruktury, datových center, cloudových řešení, kybernetické bezpečnosti, robotizace a IT outsourcingu. Firma provozuje rostoucí portfolio managed services pro enterprise zákazníky. Delivery je core byznys — ne interní funkce. Stabilní organizace s prostorem pro lídra, který chce věci skutečně řídit.— IT projektové řízení a delivery — 5–7 let praxe, ideálně v ICT integrátorovi nebo managed services — Vedení lidí — min. 2–3 roky jako team lead nebo manager — ITSM a delivery governance — ITIL nebo ekvivalent, Jira, SLA/change/incident management Angličtina C1. Pokud je silnější písemně než ústně — firma nabídne intenzivní jazykový program. Výhoda (ne podmínka): certifikace PRINCE2 nebo PMI (PMP), projekty na platformách Cisco / Fortinet / Palo Alto / F5.Role / Mission: Reportuješ přímo Head of PMO & Delivery. Pod sebou máš tým 4–5 IT projektových manažerů — společně koordinujete technické specialisty na projektech i v servisní složce. Rozložení práce: 50 % vedení a koordinace, 50 % vlastní projekty. Tahle architektura je záměrná — projekty a tým máš strukturovaně oddělené, ne ve věčném přetlaku. Za 12 měsíců máš za sebou projekty s měřitelnými výsledky (forecast vs. actuals — rozsah, budget, čas, kvalita, rizika), tým, který funguje bez mikromanagementu. Key Responsibilities: — Nastavuješ standardy PM práce v týmu — od plánování přes řízení rizik po reporting vedení — Hlídáš SLA a kvalitu dodávky — sleduješ KPI, identifikuješ odchylky a navrhuješ konkrétní opravy — Komunikuješ přímo se zákazníky a řešíš eskalace — jsi pro ně partner, ne jen provozní kontakt — Plánuješ kapacity napříč projekty i servisními zakázkami — Přicházíš se změnami — optimalizace procesů, stabilizace rizikových projektů, nastavení standardů jak se věci dělají What This Role Is NOT: — Tahle role není Head of PMO — strategická agenda firmy není tvůj záběr; tvůj záběr je delivery, tým a zákazník — Není to čistě manažerská role — půl tvého času jsi sám na projektech jako PM — Nejsi zodpovědný za technický návrh řešení — k tomu máš architekty a presales; musíš ale rozumět o čem se mluví Operating Model: Praha, full time, HPP (IČO není možné). Hybrid — 2 dny v kanceláři týdně. Čeština primárně + angličtinaZaujalo tě to? Aplikuju, nebo napiš: | linkedin.com/in/jirisoljak CV není potřeba — stačí LinkedIn profil a pár vět o sobě. Budeš mluvit přímo se zkušeným IT headhunterem s vlastní IT praxí — 450+ náborů. Relevantní diskuze bez HR balastu. Proces: — Krátký úvodní call (15–30 min) — Maximálně 2 kola — pokud věc dává smysl, rozhodnutí přijde i po prvním — Před finálním rozhodnutím osobní setkání — V každém kroku víš, kde jsi. EU work authorization required. No visa sponsorship.