Resumen del puesto por JobGrid
Security Engineer, Security Operation & Vulnerability Monitoring at crypto: Sofia, Bulgaria; Presencial; Tecnología; Ingeniería de seguridad. JobGrid adds normalized role facts, source context, and a path to the employer application page so candidates can compare the listing before applying.
- Location and workplace: Sofia, Bulgaria, Presencial
- Role classification: Tecnología, Ingeniería de seguridad
- Source freshness: checked by JobGrid on 2026-05-31.
- Application path: candidates continue to the employer application page with non-personal referral tags.
We are looking for an intermediate level security specialist to join our Global Cybersecurity Services Team. As part of our modern cybersecurity operating model, the role will be engaged in enhancing our security technology stack, building AI driven security automation workflows and contributing to security operations.
We are building a modern, multi-cloud, intelligence driven security operations capability that will heavily involve AI and automation; and will require engineering and operational skills at all levels.
Responsibilities:
- Threat Monitoring Investigations - Deep dive into Tier 1 & Tier 2 security operations escalations, performing incident triage and root cause analysis. Proficient in performing investigations using open source and proprietary tools, including but not limited to - EPP/EDR/XDR software, Digital Forensics tools/software, SIEM platforms, etc.
- AI & Automation - Contribute to building an agentic SOC by deploying AI-driven agents for autonomous threat reasoning and triage. Orchestrate automation workflows from initial detection to containment, utilizing custom scripts and SOAR playbooks to accelerate response times.
- Vulnerability Management & Response - Lead rapid response initiatives for zero-day vulnerabilities by conducting technical impact assessments and validating compensating controls to minimize exposure. Engineer multi-layered detection opportunities across the security stack to identify exploitation attempts and bridge visibility gaps throughout the patching lifecycle.
- Incident Response - Proficient in end-to-end Incident Response. Able to take the lead and provide guidance during investigations and incidents to pivot the investigation, drive containment, mitigation and other security outcomes. Proficient in cloud-native detection and CNAPP platforms.
- Security Projects - Lead projects and initiatives that may involve - Cloud Security Posture Management (CSPM), Container Security, Native Cloud Security Enhancements (AWS, Azure, GCP), Runtime Vulnerability Management, Endpoint Security enhancements, Threat Hunting, Compromise Assessments, Network/Endpoint/Cloud security reviews, etc.
Requirements:
- 2-5 years of experience in Information Security, with technical hands-on experience in Security Operations, Security Engineering, Digital Forensics, Incident Response, Endpoint Security or Cloud Security.
- Experience in AI-augmented software development using tools like Claude Code, Codex, and Gemini, with a deep understanding of LLM methodologies and integration workflows.
- Working Experience with SIEM, EPP/EDR/XDR, SOAR, Cloud Security (CSPM, Container Security, etc), Digital Forensics software & tools.
- Working experience with Cloud environments like AWS, Azure and GCP.
- Experience in using scripting languages to automate tasks and manipulate data or programming experience.
- Highly self-motivated, attention to detail and outcome driven.
- Proficiency in verbal and written English.
- On-call is required.