Senior Purple Operations Engineer

Responsibilities:

• Tune EDR, SIEM, and XDR detections to reduce false positives and improve alert quality.
• Build and maintain detection rules, correlation searches, dashboards, watchlists, and response workflows.
• Translate Red Team, Purple Team, incident, and Threat Intelligence findings into repeatable defensive checks.

Requirements:

• Experience tuning EDR, SIEM, XDR, or SOC monitoring platforms.
• Strong understanding of endpoint, identity, cloud, network, and web attack behaviors.
• Practical experience writing detection logic in KQL, SPL, EQL, Lucene, Sigma, YARA, or similar.

Technology Expertise:

• Microsoft Defender XDR, CrowdStrike Falcon, SentinelOne, Microsoft Sentinel, Splunk Enterprise Security, Elastic Security, Google SecOps.
• Sigma, YARA, KQL, SPL, EQL, Lucene, Python, PowerShell, Bash, MITRE ATT&CK, Atomic Red Team, Caldera, Vectr, TheHive, Jira, Confluence, GitHub, GitLab, osquery, Sysmon, Zeek, Suricata, AWS CloudTrail, GuardDuty, Azure, Entra ID, Google Workspace, Okta, Cloudflare, Kubernetes logs.