Sporty Group

Sporty Group - Senior Purple Operations Engineer

Remote - Europe · posted 1 month ago

Tags: Remote, Senior, EMEA, Cloud Computing, Senior DevOps Engineer, Bash, Python, Splunk, Jira, Documentation, Confluence, AWS, Azure, Google Workspace, Kubernetes, Cloudflare, Data Quality


Requirements

• Experience tuning EDR, SIEM, XDR, or SOC monitoring platforms.
• Strong understanding of endpoint, identity, cloud, network, and web attack behaviors.
• Practical experience writing detection logic in KQL, SPL, EQL, Lucene, Sigma, YARA, or similar.
• Familiarity with MITRE ATT&CK mapping and detection coverage analysis.
• Ability to turn Red Team, Purple Team, and incident findings into clear detection logic.
• Experience reducing false positives through rule tuning, exceptions, automation, and better entity context. Microsoft Sentinel supports this through automation rules and analytics rule changes.
• Strong scripting ability in Python, PowerShell, Bash, or similar.
• Good understanding of SOC workflows, incident triage, escalation, and response playbooks.
• Strong documentation skills.

Technology Expertise

• Any of the following: Microsoft Defender XDR, CrowdStrike Falcon, SentinelOne, Microsoft Sentinel, Splunk Enterprise Security, Elastic Security, Google SecOps, Sigma, YARA, KQL, SPL, EQL, Lucene, Python, PowerShell, Bash, MITRE ATT&CK, Atomic Red Team, Caldera, Vectr, TheHive, Jira, Confluence, GitHub, GitLab, osquery, Sysmon, Zeek, Suricata, AWS CloudTrail, GuardDuty, Azure, Entra ID, Google Workspace, Okta, Cloudflare, Kubernetes logs.

Responsibilities

• Tune EDR, SIEM, and XDR detections to reduce false positives and improve alert quality.
• Build and maintain detection rules, correlation searches, dashboards, watchlists, and response workflows.
• Translate Red Team, Purple Team, incident, and Threat Intelligence findings into repeatable defensive checks.
• Validate that EDR policies, prevention rules, logging, sensor health, and response actions work as expected.
• Review noisy alerts and tune thresholds, exclusions, lookups, entity context, and suppression logic.
• Support SOC analysts with clear alert descriptions, triage steps, severity logic, and escalation guidance.
• Improve log coverage, parsing, field normalization, enrichment, and data quality.
• Map detections to MITRE ATT&CK where useful. ATT&CK is widely used to describe adversary tactics and techniques based on real-world observations.
• Write portable detection content using formats such as Sigma, which is designed as a generic signature format for SIEM detections.
• Track detection gaps, false positive trends, alert health, and platform performance.

Benefits

• Sporty is a remote-first company in pursuit of sustainability
• A competitive salary + individual performance-based bonuses every quarter
• 28 days paid annual leave
• Our core working hours are 10am-3pm in your local time zone, with flexibility outside of this
• Referral bonuses & flash bonuses
• Top-of-the-line equipment
• Annual company retreats to provide great internal networking opportunities
