Security Operations Center Analyst

Our client is a global technology and professional services company with a Cyber Center based in Prague. The team supports enterprise clients across multiple industries and operates as a mature, production-grade security organization — not a lab environment or short-term pilot setup. The Prague office consists of approximately 270 professionals. The broader security operations unit has around 80 people, including roughly 27 engineers responsible for the technical layer — SIEM platforms, detection pipelines, and incident response tooling. English is used for client-facing communication and documentation; Czech is the day-to-day language within the local team. Why This Role Exists Now: The security operations team is expanding. Two new engineers are joining in parallel — one focused on broader SIEM platform operations (separate ad), while this role is aimed at someone with deeper expertise in cloud SIEM architecture, detection engineering at scale, and advanced-level Splunk Enterprise Security or Microsoft Sentinel analytics. The team already includes senior engineers who designed parts of the current detection architecture, meaning critical knowledge and mentorship are available from day one. IBM QRadar is entering maintenance mode. If you've spent years on QRadar and know the transition is coming, this is where that transition happens — with a team already running Splunk ES and Sentinel in production, and a clear onboarding path into both.What Matters Most: This role is for someone who thinks in terms of detection logic, not just queries. Three things are essential: — Advanced SIEM expertise — Splunk Enterprise Security (risk-based alerting, notable event management, ES data models) or Microsoft Sentinel (analytics rules at scale, KQL optimization, UEBA, Fusion), with 3+ years of real production experience — Detection engineering mindset — understanding of threat models (MITRE ATT&CK), ability to map detection gaps to adversary behavior, and write detection rules that are effective without generating excessive noise — Strong understanding of data pipelines — knowledge of log source behavior, normalization principles, and the impact of broken parsing rules English should be strong enough for technical documentation and client-facing reporting. If your background is QRadar or a single-vendor environment — that's fine. SPL and KQL are tools. We care about how you think about detection, not which query language you currently know. Nice to Have: — Chronicle / Google SecOps experience — YARA-L detection rules, UDM data model — SOAR experience — Splunk SOAR (Phantom), Microsoft Sentinel playbooks, or similar tooling — Certifications such as Splunk Core Power User / Architect, Microsoft SC-200, GCIA, GCIH — Threat hunting experience — proactive analysis of historical data for indicators of compromiseRole / Mission: Your primary responsibility will be detection engineering and SIEM platform ownership — not alert monitoring. You'll design and maintain correlation rules and analytics, ensure incoming data is properly parsed and normalized, and build detection logic that identifies meaningful threats without overwhelming analysts with noise. Primary platforms include Splunk (including Splunk Enterprise Security) and Microsoft Sentinel. Chronicle / Google SecOps is present in selected client environments, so experience with it is a strong advantage. QRadar and ArcSight still exist in several legacy environments. Success after 12 months means owning at least one major detection domain. Your analytics rules have measurably reduced false positives, and you can clearly explain why specific rules are tuned the way they are. Key Responsibilities: — Design, build, and maintain detection analytics in Splunk ES (correlation searches, risk-based alerting) and/or Microsoft Sentinel (analytics rules at scale, KQL, Fusion detections) — Manage data ingestion pipelines — onboarding log sources, parsing, normalization, field extractions — Conduct threat-informed detection reviews: map coverage against MITRE ATT&CK, identify gaps, prioritize improvements — Support incident response escalations through platform-level investigations — advanced queries, timeline reconstruction — Contribute to SOAR playbook development and automation logic — Participate in on-call rotation and lead post-incident reviews related to platform-level issues What This Role Is NOT: — Not a Tier 1 analyst role — you'll work upstream from triage, designing the logic that enables effective detection and response — Not a pure administration role without detection ownership — the expectation is to build and improve, not only configure — Not an isolated research position — your work directly impacts live enterprise environments, so quality matters from day one Operating Model: Standard working hours, no shift work. On-call rotation is shared across the engineering team. Hybrid setup in Prague or fully remote is also possible. Reports to: Head of Security Engineering Language: English for client-facing communication and technical documentation; Czech for internal team collaboration Travel requirements: minimal.Interested? Let's Talk If this sounds like the kind of challenge you're looking for, apply now. Throughout the process, you'll work with a senior recruiter who has hands-on IT experience. Straightforward communication, technically grounded discussions, and no unnecessary recruitment overhead. Send your CV or LinkedIn profile to or connect via linkedin.com/in/jirisoljak Interview Process: — Intro call with a SITEQ recruiter — 30 minutes covering the role and client context — First interview with the team lead — team structure, responsibilities, day-to-day collaboration — Technical interview with a senior engineer from the security operations team — detection logic, platform depth, real-world scenarios (no trick questions) — Offer Please note: this position is open only to candidates who are eligible to work in the EU without visa sponsorship and are able to reside and work in the Czech Republic.

Leading international technology company specializing in the development and operation of payment systems. They rank among the most significant global providers of payment solutions — their technology and services are used daily by millions of customers and businesses across continents. The company continuously invests in innovation, including blockchain and digital currency technologies, ensuring secure and reliable real-time transaction processing. The Prague team manages core systems handling payment authorization and processing. This role is focused primarily on security perimeter and application delivery layer (CheckPoint & F5) within mission-critical infrastructure across Europe and the U.S.• Minimum 4+ years of experience in Network / Security engineering • Strong hands-on experience with CheckPoint firewalls • Strong hands-on experience with F5 BIG-IP LTM • Solid understanding of TCP/IP, routing, VPN, NAT, and security best practices • Experience troubleshooting across L3–L7 layers • Solid Linux administration skills • Familiarity with network monitoring and management tools • Communicative English; proficiency in Czech or Slovak required Nice to have: • CheckPoint or F5 certifications • Experience in high-availability enterprise environments • Experience with hybrid or cloud-integrated infrastructureAs part of the Network & Security team, you will take ownership primarily of firewall and load balancing technologies across enterprise data center and production environments. Your key responsibilities: • Administration and optimization of CheckPoint firewalls (R80+) – policy management, VPN, IPS, threat prevention, clustering • Management of F5 BIG-IP (LTM) – load balancing, SSL offloading, traffic management, HA configuration • Advanced troubleshooting across L3–L7 layers in production environments • Implementation of security segmentation and performance optimization measures • Monitoring and incident response, including participation in a weekly on-call rotation • Cooperation with the Security team on upgrades, migrations, and vulnerability remediation • Preparation of documentation and audit reports related to infrastructure compliance • Continuous improvement of network reliability, performance, and resilience Cisco routing/switching remains part of the environment, but the primary focus of this role is security and application delivery infrastructure, not general network operations. You will collaborate daily with colleagues from Europe and the U.S.Interested? Apply now and speak with a senior IT recruiter who understands both the technology and the people behind it. Please note: This position is open only to candidates eligible to work in the EU without visa sponsorship, residing in the Czech Republic long-term, with proficiency in Czech or Slovak.