Security Operations Engineer (She/ He/ They)

CAPCO POLAND *We are looking for Poland based candidate. Capco is a fully independent, global management and technology consultancy. For 25 years we have combined innovative thinking with deep industry knowledge to deliver business consulting, digital transformation and technology services to Finance and Energy markets. Our collaborative and efficient approach helps clients reduce costs and manage risk and regulatory change while increasing revenues. We are thinkers, innovators, and disruptors. We are small enough to care but large enough to matter. We are seeking a highly skilled Security Operations Engineer to support the expansion of a strategic security program focused on onboarding critical applications into enhanced monitoring capabilities.In this role, you will play a key part in building and optimizing SIEM detection capabilities, supporting threat verification, and enabling regulatory alignment with DORA (Digital Operational Resilience Act) requirements by the end of 2026. You will work at the intersection of SIEM engineering, threat modelling, and security operations, contributing directly to improving detection accuracy and strengthening overall security posture. Key Responsibilities: Detection Engineering: Design, build, and optimize SIEM detection rules (with a focus on Microsoft Sentinel) Testing & Automation: Develop and execute test cases for detection logic; automate validation processes using scripting Application Onboarding: Support onboarding of critical applications into the security monitoring ecosystem

Requirements

Gathering: Collaborate with application teams to define logging requirements and detection use cases Workshop Facilitation: Lead and moderate workshops with stakeholders to align on threat scenarios and security capabilities Technical Documentation: Produce clear and comprehensive documentation covering detection logic, threat models, and validation results Collaboration: Work closely with SOC, engineering, and red teams to enhance alert fidelity and incident response effectiveness Compliance Delivery: Contribute to threat verification and ensure deliverables meet ALaM program and DORA milestones Required Skills and Experience: SIEM Expertise: Hands-on experience with SIEM platforms (strong preference for Microsoft Sentinel) Detection Engineering: Proven track record in creating, tuning, and testing detection rules Scripting & Automation: Proficiency in Python, PowerShell, Bash, or similar for automation use cases Communication: Strong English communication skills with the ability to confidently lead stakeholder workshops Technical Knowledge: Understanding of cloud (Azure, AWS), operating systems (Windows, Linux), and database environments (SQL, Oracle) Autonomy: Ability to work independently in a dynamic, high-volume onboarding environment Technology Stack SIEM & Security: Microsoft Sentinel Cloud & Infrastructure: Azure, AWS, Windows, Linux, SQL, Oracle Scripting & Automation: KQL, Python, PowerShell, Bash Nice to have: Experience in threat modelling and defining threat profiles Familiarity with DORA or other regulatory frameworks in financial services We have been informed of several recruitment scams targeting the public. We strongly advise you to verify identities before engaging in recruitment related communication. All official Capco communication will be conducted via a Capco recruiter. We offer a flexible collaboration model based on a B2B contract, with the opportunity to work on diverse projects. #LI-REMOTE