Security Operations Engineer

**This is a Permanent role ("Umowa o pracę") and not a B2B contract**

Role Overview

The Security Operations Engineer is a senior individual contributor responsible for detecting, investigating, and responding to security threats across Apollo’s cloud-native and SaaS environments. This role requires strong technical depth, independent judgment, and ownership of complex security investigations from intake through resolution.

This role operates in a fully remote environment and emphasizes clear written communication, operational rigor, and effective collaboration.

Key Responsibilities

Incident Detection, Investigation & Response

• Monitor, triage, and investigate security alerts and events across cloud infrastructure, SaaS applications, and corporate systems.
• Conduct end-to-end security investigations, including scoping, containment, eradication, recovery, and documentation.
• Own investigations independently while collaborating effectively during high-severity incidents.

SIEM, Detection & Workflow Engineering

• Configure and maintain SIEM detections in Panther, including use cases, correlation rules, alert logic, and tuning.
• Onboard, validate, and maintain log sources to ensure visibility, accuracy, and reliability.
• Design and improve investigation and response workflows to streamline triage, escalation, and resolution.
• Leverage AI-assisted tools to accelerate alert analysis, enrichment, and investigation efficiency.

Threat Hunting & Proactive Security

• Perform proactive threat-hunting activities to identify malicious or anomalous behavior not surfaced by existing detections.
• Investigate abuse, fraud, account compromise, and automation misuse scenarios in close collaboration with Fraud teams.
• Identify detection gaps and propose, implement, and validate improvements.

Automation, Coding & Tooling

• Build scripts, automations, and tools to reduce manual work and improve response speed and consistency.
• Use Python extensively for analysis, automation, and internal tooling; Ruby experience is a plus.
• Contribute to internal detection frameworks, tooling, and shared libraries.

Documentation & Continuous Improvement

• Produce clear, high-quality documentation for incidents, investigations, and post-incident reviews.
• Contribute to runbooks, playbooks, and operational standards.
• Share knowledge, review peer work, and mentor other engineers.

Required Skills & Experience

• 5+ years of experience in Security Operations, Incident Response, or Security Engineering.
• Hands-on experience with SIEM platforms (experience with Panther is highly valued), log analysis, and detection engineering.
• Experience investigating security incidents in cloud-native environments (GCP preferred; AWS and Azure also relevant) and SaaS applications.
• Experience automating security workflows and investigations.
• Proficiency in Python; familiarity with Ruby preferred.
• Ability to operate independently, prioritize effectively, and make sound technical decisions under pressure.

Preferred Qualifications

• Experience using AI or ML-powered security tools for detection, investigation, or response.
• Familiarity with vulnerability management concepts and remediation workflows.
• Relevant certifications such as GCIA, GCIH, GCED, AWS / GCP Security certifications, or Security+.
• Prior experience working in fully remote, distributed teams.