Cyber Security Engineer - Croatia

Role Overview

An international organisation is seeking a hands‑on Senior Cybersecurity Engineer to strengthen and mature its security capabilities across cloud, identity, and operational environments.

Fully remote (reporting into a hiring manager based in another region).

This is a pivotal role focused on building centralised visibility, improving detection and response, and preparing the organisation for a future managed Security Operations Centre (SOC) capability.
You will work across cloud security, identity, endpoints, and infrastructure, while acting as a key technical partner to an external managed SOC provider. As the security function evolves, this role offers a clear progression path toward Cybersecurity Architect or Security Lead.

Key Responsibilities:

Security Monitoring & Detection

• Design and implement centralised security monitoring (SIEM or equivalent)
• Prepare environments for successful managed SOC integration
• Improve detection use cases to increase signal quality and reduce noise
• Enhance visibility across cloud, identity, and operational systems

Managed SOC Integration

• Act as the primary technical liaison for the managed SOC provider
• Support SOC onboarding, log ingestion, tuning, and use‑case development
• Validate alerts, incident handling, and reporting outputs
• Continuously refine detection fidelity and response effectiveness

Cloud Security

• Manage and optimise cloud‑based security controls
• Improve web application security, bot protection, and traffic filtering
• Monitor and analyse traffic patterns to identify threats and anomalies
• Strengthen resilience against denial‑of‑service and abuse scenarios

Identity & Collaboration Platform Security

• Enhance identity protection and conditional access controls
• Improve email security and anti‑phishing defences
• Strengthen audit logging, monitoring, and investigation workflows
• Support investigations into user activity and account compromise

Incident Response & Operational Security

• Establish internal incident response processes aligned with SOC workflows
• Define runbooks, escalation paths, and operational responsibilities
• Support incident investigations and post‑incident reviews

Vulnerability Management & Security Testing

• Implement vulnerability scanning across infrastructure and endpoints
• Integrate security testing into CI/CD pipelines
• Drive remediation efforts and track risk reduction initiatives

Security Engineering & Architecture

• Improve security controls across cloud, on‑premise, and hybrid environments
• Embed security into both digital and operational technology environments
• Support secure design, architecture reviews, and threat modelling

Risk & Compliance

• Support implementation of controls aligned to recognised frameworks
• Contribute to risk identification, mitigation, and reporting
• Assist with audit readiness and evidence collection

Stakeholder Engagement

• Build strong working relationships with business and technology teams
• Act as a trusted internal security advisor
• Improve awareness of shared security responsibilities across the organisation

Experience & Skills

Required

• 5+ years’ experience in cybersecurity or security engineering
• Hands‑on experience with:
  • SIEM and log management platforms
  • Cloud‑based security controls
  • Identity and access management
  • Endpoint protection
• Strong troubleshooting, threat‑hunting, and investigation skills
• Experience operating in complex, distributed environments
• Familiarity with security frameworks such as ISO 27001 or NIST

Preferred

• Experience working with or integrating managed SOC services
• Prior involvement in log onboarding and detection tuning
• Knowledge of security controls in CI/CD pipelines
• Exposure to regulatory or operational resilience frameworks
• Relevant security or cloud certifications

What Success Looks Like (6–12 Months)

• Centralised security visibility fully established and SOC‑ready
• Managed SOC successfully onboarded and optimised
• High‑quality detection use cases in place with low false‑positive rates
• Significantly improved cloud and identity security posture
• Incident response processes aligned with SOC operations
• Vulnerability management operating effectively
• Clear progress toward audit and resilience readiness

Originally posted on Himalayas