Security Operations Engineer (She/ He/ They)

CAPCO POLAND 

*We are looking for Poland based candidate. 

Capco is a fully independent, global management and technology consultancy. For 25 years we have combined innovative thinking with deep industry knowledge to deliver business consulting, digital transformation and technology services to Finance and Energy markets. Our collaborative and efficient approach helps clients reduce costs and manage risk and regulatory change while increasing revenues. We are thinkers, innovators, and disruptors. We are small enough to care but large enough to matter.

Key Responsibilities:

• 
  
  Detection Engineering: Design, build, and optimize SIEM detection rules (with a focus on Microsoft Sentinel)
  
  


• 
  
  Testing & Automation: Develop and execute test cases for detection logic; automate validation processes using scripting
  
  


• 
  
  Application Onboarding: Support onboarding of critical applications into the security monitoring ecosystem
  
  


• 
  
  Requirements Gathering: Collaborate with application teams to define logging requirements and detection use cases
  
  


• 
  
  Workshop Facilitation: Lead and moderate workshops with stakeholders to align on threat scenarios and security capabilities
  
  


• 
  
  Technical Documentation: Produce clear and comprehensive documentation covering detection logic, threat models, and validation results
  
  


• 
  
  Collaboration: Work closely with SOC, engineering, and red teams to enhance alert fidelity and incident response effectiveness
  
  


• 
  
  Compliance Delivery: Contribute to threat verification and ensure deliverables meet ALaM program and DORA milestones
  
  

Required Skills and Experience:

• 
  
  
  

  
  
  • SIEM Expertise: Hands-on experience with SIEM platforms (strong preference for Microsoft Sentinel)
  
  
  • Detection Engineering: Proven track record in creating, tuning, and testing detection rules
  
  
  • Scripting & Automation: Proficiency in Python, PowerShell, Bash, or similar for automation use cases
  
  
  • Communication: Strong English communication skills with the ability to confidently lead stakeholder workshops
  
  
  • Technical Knowledge: Understanding of cloud (Azure, AWS), operating systems (Windows, Linux), and database environments (SQL, Oracle)
  
  
  • Autonomy: Ability to work independently in a dynamic, high-volume onboarding environment
  
  

  
  

  Technology Stack

  
  

  
  
  • SIEM & Security: Microsoft Sentinel
  
  
  • Cloud & Infrastructure: Azure, AWS, Windows, Linux, SQL, Oracle
  
  
  • Scripting & Automation: KQL, Python, PowerShell, Bash
  
  

  
  
  
  

Nice to have:

• 
  
  Experience in threat modelling and defining threat profiles
  
  


• 
  
  Familiarity with DORA or other regulatory frameworks in financial services
  
  

We have been informed of several recruitment scams targeting the public. We strongly advise you to verify identities before engaging in recruitment related communication. All official Capco communication will be conducted via a Capco recruiter.

We offer a flexible collaboration model based on a B2B contract, with the opportunity to work on diverse projects.

#LI-REMOTE