2. Pracovní nabídky
  3. Security Operations Engineer – SIEM & Platform

Security Operations Engineer – SIEM & Platform

A global technology company runs a Cyber Center in Prague — around 270 people, with roughly 80 in security operations. They're looking for a Security Operations Engineer who can run SIEM platforms, tune detections, and own the work end-to-end.

Salary 90 000–130 000 CZK gross per month. Hybrid setup in Prague or fully remote is also possible.

Good fit if you have 3–4 years working hands-on with Splunk or Microsoft Sentinel, you're comfortable on Linux, and you'd rather build reliable detections than produce daily PowerPoint reports.

Mám zájem
Typ

Permanent

Úvazek

Full time

Finance

90.000 - 130.000

Lokalita

Hlavní město Praha
Remote

ID

STQ_523_JOB

About our client

Our client is a global technology and professional services company with a Cyber Center in Prague. The team serves enterprise clients across multiple industries and operates as a mature, production-grade security operation — not a lab, not a pilot.

The Prague team is around 270 professionals. The security operations unit has ~80 people, including roughly 27 engineers who own the technical layer — SIEM platforms, detection pipelines, incident response tooling. English is the language of client-facing work; Czech is day-to-day inside the team.

Why This Role Exists Now:
The security operations team is expanding. Two new engineers are joining — this is one of two roles being filled at the same time. The other role goes deeper on cloud SIEM (separate ad).

The team has experienced engineers who know the detection architecture well, and now is a good moment to join — the knowledge transfer opportunity is real and accessible from day one.

If you've been in an MSSP environment where detection ownership stays with the vendor or a central content team — this role is built differently. Most MSSP setups give you the SIEM. This one gives you the rules.

Job description

Role / Mission:
Your job is to keep the SIEM infrastructure healthy and make sure the detections it runs actually catch things worth catching.

Day-to-day: monitoring and triaging alerts, maintaining log source pipelines, tuning correlation rules, and working with analysts when something escalates. You'll also write and maintain playbooks so the team doesn't reinvent the wheel during incidents.

Tech context: the team runs Splunk and Microsoft Sentinel as primary platforms. QRadar and ArcSight in the mix from legacy clients. Chronicle/Google SecOps is present in some environments — knowledge there is a plus.

Success in 12 months: you own your detection playbooks, you've added at least one meaningful improvement to the ingestion or detection layer, and when someone has a question about platform behavior, they come to you first.

Key Responsibilities:
— Monitor, triage, and investigate alerts across SIEM platforms (primarily Splunk and Microsoft Sentinel)
— Build, tune, and maintain detection rules and correlation logic — SPL, KQL, or both
— Maintain SIEM infrastructure: log sources, ingestion pipelines, platform health, onboarding new data feeds
— Write and update incident response playbooks; support L1/L2 analysts during active investigations
— Participate in on-call rotation; contribute to post-incident documentation and lessons learned

What This Role Is NOT:
— Not a pure L1 analyst position — you're here to engineer and improve, not just watch dashboards
— Not a client-facing sales or advisory role — this is delivery, inside the engine room
— Not a solo build-from-scratch project — you're joining an existing team with live infrastructure

Operating Model:
Standard working hours, no shift work. On-call is a shared rotation across the engineering team. Hybrid setup in Prague or fully remote is also possible. Reports to: Head of Security Engineering. English for client documentation; Czech for internal team communication. Travel is minimal.

Requirements

What Matters Most:
We're not looking for someone who ticked every checkbox on a certification list. Three things actually matter:

— SIEM hands-on time — you've worked with Splunk (SPL queries, correlation searches) or Microsoft Sentinel (KQL, analytics rules) for at least 2 years in a production environment
— Linux system knowledge — you understand how logs are generated, how syslog works, what endpoint telemetry looks like
— Detection thinking — you can write a correlation rule from scratch, explain why it's tuned the way it is, and recognize when a low-severity alert is worth investigating

English needs to be solid for reading technical documentation and writing client-facing reports.
If your background is primarily QRadar or ArcSight — that's a valid starting point. We care more about your engineering instincts than the vendor logo.

Nice to Have:
— Experience with Chronicle/Google SecOps — YARA-L rules, UDM data model
— Familiarity with QRadar or ArcSight from client or previous employer environments
— Security certifications: GCIA, CEH, CompTIA Security+, Microsoft SC-200, or Splunk Core Certified
— Scripting for automation — Python, PowerShell, or bash for log parsing or playbook triggers

Don't let the nice-to-haves stop you. If you have the three core things, the rest can be learned.

Offer & Terms

Compensation & role impact:
— Salary 90 000–130 000 CZK gross / month, based on seniority and experience
— Access to top-tier enterprise projects not available to individual contractors
— Strong project governance and architectural standards
— International environment – not a ticket factory
— Real opportunity to influence and strengthen Prague-based technical leadership

Investing in your future:
— Individual training roadmap prepared for every engineer — paid certifications included (Splunk Core/ES, Microsoft SC-200, SANS and others)
— Support for technical bootcamps
— Employee share purchase program (up to 10% of salary)
— Mentoring and coaching
— Private healthcare
— Contributions to life and pension insurance

Work & flexibility:
— 5 weeks of vacation + sick days
— Company mobile phone
— Employee referral program

Wellbeing & leisure:
— Cafeteria benefits
— Wellness and recreation vouchers

More information

Interested? Let's Talk
If this sounds like your kind of challenge, apply now — let's build something great together.

Throughout the process, you'll be guided by a senior recruiter with hands-on IT experience. Straightforward, technically grounded, without unnecessary recruitment overhead.

Send your CV or LinkedIn profile to or reach out via linkedin.com/in/jirisoljak

Interview process:
— Intro call with SITEQ recruiter — 30 minutes, we'll explain the role and client context
— First interview with the team lead — get to know each other, talk about the team and day-to-day
— Technical interview with a senior engineer from the security operations team — hands-on discussion, no trick questions
— Offer

Please note: this position is open only to candidates eligible to work in the EU without visa sponsorship, able to reside and work in the Czech Republic.

Mám zájem
Mám zájem

Mám zájem o tuto pozici

+420 222 765 001

>_Dejte nám o sobě vědět

    Podobné pozice

    Security Delivery Consultant

    Lokalita

    Hlavní město Praha
    Hybrid

    Typ

    Permanent
    Contract

    Obor

    Networks / Security

    Finance

    90.000 - 150.000 CZK

    Česká technologická společnost specializovaná na kybernetickou bezpečnost. Více než deset let poskytuje služby v oblasti bezpečnostního monitoringu, detekce hrozeb a provozu SOC. Pokrývá celý cyklus — od architektonického návrhu a implementace přes migrace až po dlouhodobý provoz a rozvoj bezpečnostních služeb. Tým čítá přibližně 25 lidí — experti, konzultanti, security specialisti, analytici, inženýři i developeři. Technologicky staví na širokém multi-vendor portfoliu — IBM QRadar, Palo Alto XSIAM/XDR, Fortinet SecOps, SentinelOne, Greycortex, Flowmon a další. Nejsou navázaní na jednoho vendora a technologie vybírají podle toho, co dává smysl v prostředí zákazníka — ne podle partnerských kvót nebo ceníku. Pokud některý produkt narazí na limit, interní L3 vývojový tým chybějící funkcionalitu doplní. Zákazníci přicházejí z řady oborových vertikál — fintech, banking, utility, veřejný sektor. Projekty běží jak ve velkých enterprise organizacích, tak v prostředí kritické infrastruktury. Firma roste a hledá lidi, kteří dokážou spojit technické porozumění s konzultačním a delivery přesahem. Why This Role Exists Now: Tým Security Professional Services dnes tvoří jedenáct lidí napříč rolemi security analytiků, inženýrů a konzultantů. Vedoucí týmu aktuálně kombinuje konzultace se zákazníky, delivery řízení, pre-sales i koordinaci technického týmu. S rostoucím množstvím projektů už firma nehledá další čistě exekuční kapacitu — potřebuje člověka, který dokáže strukturovat delivery, zadávat práci a držet kvalitu výstupů napříč projekty.What Matters Most: - Silné IT hard skills — rozumíš infrastruktuře (sítě, servery, cloud, segmentace, zónování) a dokážeš ji posuzovat z pohledu bezpečnosti. - Zkušenost z enterprise prostředí — víš, jak fungují procesy ve velkých organizacích, a umíš se v nich pohybovat. - Schopnost převést byznysový požadavek do konkrétního technického zadání — z obecného problému vytvořit smysluplný scope, priority a realizovatelný plán. - Konzultantský přesah — umíš vést věcnou technickou diskuzi s bezpečnostním i infrastrukturním týmem zákazníka. - Umíš zadat práci, ohlídat kvalitu a dotáhnout projekt do konce. - Čeština nebo slovenština na nativní úrovni — komunikace se zákazníky probíhá česky. - Angličtina na úrovni běžné technické komunikace a práce s dokumentací. Nice to Have: - Hands-on zkušenost s XDR/NDR platformami (Palo Alto, SentinelOne, Fortinet, Greycortex). - Zkušenost s SIEM platformami (IBM QRadar, FortiSIEM, Splunk, Elastic, Microsoft Sentinel). - Zkušenost s SOAR nástroji a automatizací bezpečnostních workflow. - Znalost MITRE ATT&CK frameworku a principů detection engineering. - Předchozí zkušenost s vedením malého týmu nebo mentorováním kolegů. - Background v IT architektuře, síťové bezpečnosti nebo infrastrukturním poradenství.Role / Mission: Budeš dalším z expertního týmu Security Professional Services. Tvým úkolem bude převádět vysokoúrovňové požadavky zákazníků ("potřebujeme zlepšit detekci", "sjednotit bezpečnostní monitoring", "dostat větší kontrolu nad prostředím") do konkrétních technických zadání pro inženýry a následně hlídat kvalitu i reálný přínos dodávky. Nejde o úzce specializovanou roli zaměřenou na jednu technologii. Důležité je rozumět tomu, jak jednotlivé bezpečnostní technologie zapadají do celého prostředí zákazníka a jak z nich poskládat funkční řešení. Typický projekt: zákazník z kritické infrastruktury chce nasadit XDR a napojit ho na stávající SIEM. Společně se zákazníkem projdeš, co dává smysl monitorovat, navrhneš detekční strategii, rozpadneš to na úkoly pro inženýry, a pak ohlídáš, že výsledek odpovídá tomu, co zákazník skutečně potřeboval — ne jen tomu, co zaznělo na prvním callu. Key Responsibilities: - Konzultace se zákazníky z enterprise segmentu (fintech, banking, utility, veřejný sektor) — převod jejich potřeb do jasného technického zadání. - Řízení delivery bezpečnostních projektů — od scoping přes implementaci po předání. - Zadávání práce inženýrům a kontrola kvality výstupů — důraz na konzistenci, funkčnost a reálný přínos pro zákazníka. - Návrh detekčních strategií a bezpečnostních architektur ve spolupráci s technickým týmem — bez fixace na konkrétního vendora, podle potřeb prostředí. - Odborné zastřešení vybrané oblasti (XDR/NDR, SIEM, SOAR — podle tvého backgroundu). - Spolupráce na pre-sales aktivitách — ukázky, technické konzultace, příprava nabídek. - Mentoring juniorů a mediorů, pomoc se strukturováním jejich práce. What This Role Is NOT: - Nejde o čistě inženýrskou roli — nebudeš trávit celý den konfigurací pravidel a administrací nástrojů. Na to je v týmu samostatná kapacita. - Nejde ani o klasický projektový management zaměřený na reporting, harmonogramy a resource planning. Klíčový je obsah, kvalita a směr delivery. - Role není postavená na auditu, compliance ani GRC agendě. Operating Model: Hybridní práce — kanceláře na Praze 4, 3 dny v kanceláři. Spolupráce na HPP nebo IČO dle preferencí. Žádná směnná práce, žádný on-call. Projekty mají normální pracovní režim. Reporting: Security Professional Services Lead. Ve výsledku jde o seniorní partnerskou roli s velkou mírou autonomie.Pozice je vhodná pro zkušené bezpečnostní konzultanty i seniorní infrastrukturní specialisty s přesahem do security. Důležité je umět vést technickou diskuzi se zákazníkem, strukturovat delivery a držet kvalitu výstupů. Kontakt: | linkedin.com/in/jirisoljak Výběrový proces probíhá přímo s vedením společnosti a Security Professional Services Leadem, takže získáte detailní představu o fungování týmu, projektech i technologickém stacku. První kolo je neformální technická debata — bez HR koleček a testů osobnosti. Zaujalo? Ozvěte se! Výběrovým procesem vás provede seniorní IT recruiter, který má vlastní technický background a rozumí tomu, o čem se bude mluvit. This opportunity is open only to candidates based in the Czech Republic with valid EU work authorization and a registered EU freelance/business license (B2B). No visa sponsorship is available.

    IAM / Identity Security Analyst

    Lokalita

    Hlavní město Praha
    Hybrid

    Typ

    Permanent
    Contract

    Obor

    Networks / Security

    Finance

    75.000 - 100.000 CZK

    International technology group with 30+ years in the market, 800+ professionals, and offices across Central and Eastern Europe. They deliver projects in IT infrastructure, data centres, cloud solutions, and cybersecurity. The company is growing — clients are expanding their demand, new projects are coming in, and there's space for new competencies. The Cyber Security / IAM division currently works heavily with the IdStory platform, but the environment includes other IAM/IDM solutions too. They need someone who can handle the full cycle from analysis to implementation. Why This Role Exists Now: Client demand for identity security is growing. The IAM division is expanding its project portfolio and needs someone who can own the full delivery cycle — from analysis through architecture to go-live. There's space for new competencies and platforms beyond IdStory. The right person can shape what the IAM practice looks like going forward.What Matters Most: — IAM/IDM experience — minimum 3–5 years in IT security / IAM. Real implementation experience, not just operations — IAM platforms — IdStory, SailPoint, One Identity, Entra ID, Okta, or similar. Knowing one superficially isn't enough — Client-facing communication — analysis, consultations, presenting solutions. This is non-negotiable — Integration and APIs — REST, SOAP, GraphQL. You know how to connect systems Fluent Czech or Slovak required. English at a level where you can handle a normal working discussion. Nice to Have: — SQL and databases — you work with data, not just look at GUIs — Scripting (Groovy, PowerShell, Python) — Basic Linux knowledge — Identity governance concepts and identity lifecycle management — Experience with HR systems and their integration with IAM These are nice to have — not hard filters.Role / Mission: You own the full cycle — from the first client workshop through architecture to go-live. You walk into a client's environment, map what's actually there, ask the right questions, pull the data together into a document, and design a new architecture. Then you implement it. You're an analyst and implementer in one — not someone who waits for a spec. After 12 months, this is what good looks like: completed projects, clients who trust you, and working identity integrations in real environments. Key Responsibilities: — You analyse customer requirements and design IAM/IDM architecture — You implement and integrate identity solutions into client environments — You handle incidents and operational support within SLA — not as the core of your work, but as part of it — You create technical documentation — actually useful materials, not formal paperwork — You provide technical consultations to clients — You contribute to presales — solution proposals, presentations, technical input for bids — You work with sales, presales, support, and delivery teams What This Role Is NOT: — Not AD administration — you won't be resetting passwords and creating accounts — Not a pure operations role — SLA tickets are part of the job, but not the core — Not an isolated position — client and team communication is key Operating Model: Prague-based, remote-friendly. More time in the office during onboarding. After that, remote is possible — but you're expected at the office or client sites as needed. Most of the business is in and around Prague, so a reasonable commute matters. No 24/7 on-call. Permanent contract preferred, freelance possible. Czech or Slovak proficiency required. Direct report: Head of Network & Security division.Interested? Apply or get in touch: | linkedin.com/in/jirisoljak No CV needed — a LinkedIn profile and a few sentences about yourself is enough. You'll speak directly with a senior IT recruiter with hands-on IT background — 450+ hires. A relevant conversation without the HR fluff. Process: — Short intro call (15–30 min) — Maximum 2 rounds — if there's a fit, a decision can come after the first one — In-person meeting before the final decision — You'll know where you stand at every step EU work authorization required. No visa sponsorship.
    Všechny pozice
    Práce v IT