At Gravity Team, we are on a mission to promote the adoption of fair, accessible, transparent, efficient, and censorship-resistant markets.
We are looking for a highly motivated Blue Team Defender as our next SecOps Engineer. You will own the detection and response lifecycle across our security stack. You won't be watching dashboards; you'll be building the logic that makes dashboards worth watching and that feeds the security data lake our agentic security solutions will depend on.
Detection Engineering:
Author, test, tune, and maintain detection rules in CrowdStrike NGSIEM using CQL, covering endpoint, identity, network, cloud, and data exfiltration threat categories.
Map detection coverage to MITRE ATT&CK and identify gaps. Build detection logic informed by real-world TTPs, not just vendor defaults.
Develop and maintain Falcon Fusion SOAR playbooks for automated enrichment, containment, and triage workflows.
Manage IOC correlation using CrowdStrike's native CTI and external threat intelligence feeds.
Reduce false positive rates and improve signal quality across all detection categories. You own detection fidelity as a measurable outcome.
Data Engineering for Security:
Onboard and normalise third-party log sources into CrowdStrike NGSIEM (Okta, Zscaler ZIA/ZPA, AWS CloudTrail, GuardDuty, CyberArk PAM).
Manage data lifecycle, parsing pipelines, and retention policies across both CrowdStrike NGSIEM (operational) and Elastic (long-term data lake and compliance archive).
Ensure reliable signal ingestion and resolve integration failures across endpoint agents, log forwarders, and API-based data sources.
Incident Response and Investigation:
Investigate security events using CrowdStrike XDR, correlating endpoint, identity, network, and cloud telemetry to determine scope and impact.
Perform technical analysis of threat events, including attacker techniques across Windows, macOS, and Linux.
Support incident triage, coordinate with internal teams and vendors during high-severity incidents, and contribute to post-incident detection improvements.
Education and Certifications:
A degree in Computer Science, Cybersecurity, or Management Information Systems, and/or relevant industry certifications (GIAC GSOC, CompTIA CySA+, or equivalent).
Required experience (~4 years in a dedicated cybersecurity role):
CrowdStrike Falcon XDR - hands-on SOAR playbook creation, detection, investigation, and response.
SIEM platform engineering - CrowdStrike NGSIEM/Elastic. You've written detection rules, not just consumed alerts.
Detection rule development and tuning - writing correlation logic, managing detection-as-code workflows, measuring detection effectiveness
Incident response - triage, investigation, escalation, and post-incident analysis in a production environment.
Scripting and automation - Python, Bash, or PowerShell to fill tooling gaps, automate repetitive tasks, and extend platform capabilities.
Bonus Points If You Have:
Cloud Security - AWS (CloudTrail, GuardDuty, IAM, security groups)
SASE/CASB/DLP (Zscaler ZIA and ZPA preferred)
IAM (Okta, Entra)
Experience securing a remote workforce
What We Offer:
An open idea meritocracy with close to zero bureaucracy.
Fast-moving, challenging, and truly unique business problems.
Work together with a small but highly talented team.
Competitive salary and motivating bonus system.
Learning & Development budget: €3000 annually.
Profit shares.
Benefits you can combine yourself: free food, Bolt taxi rides, sports, spa and wellness, etc.
Flexible working hours, casual work attire, and a startup atmosphere.
Possibility to participate in global crypto events, with real and tangible impact on many markets worldwide.